Brodsky v. Apple Inc.
Filing
40
Order by Judge Lucy H. Koh Granting #32 Motion to Dismiss Without Prejudice.(lhklc4, COURT STAFF) (Filed on 8/30/2019)
<![CDATA[
1
2
3
4
5
6
7
8
UNITED STATES DISTRICT COURT
9
NORTHERN DISTRICT OF CALIFORNIA
10
SAN JOSE DIVISION
United States District Court
Northern District of California
11
12
JAY BRODSKY, et al.,
Case No. 19-CV-00712-LHK
Plaintiffs,
13
ORDER GRANTING WITHOUT
PREJUDICE APPLE’S MOTION TO
DISMISS
v.
14
15
APPLE INC.,
Re: Dkt. No. 32
Defendant.
16
17
Plaintiffs Jay Brodsky, Brian Tracey, Alex Bishop, and Brendan Schwartz (“Plaintiffs”)
18
19
bring this putative class action against Defendant Apple Inc. (“Apple”) for alleged privacy and
20
property violations based on Apple’s two-factor authentication login tool. Before the Court is
21
Apple’s motion to dismiss Plaintiffs’ first amended complaint (“FAC”). Having considered the
22
submissions of the parties, the relevant law, and the record in this case, the Court GRANTS
23
Apple’s motion to dismiss without prejudice.
24
I.
25
26
27
28
BACKGROUND
A. Factual Background
Plaintiffs are individuals residing in the United States. ECF No. 13 (“FAC”), ¶ 7. Apple is
a California corporation that designs and sells products including iPhones, iPads, Macbooks,
1
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
1
Apple TVs, and Apple Watches. Id. ¶¶ 8, 14. Once a consumer buys an Apple product, the Apple
2
product is associated with the consumer’s Apple ID, which is the individual’s email address. Id.
3
An Apple ID is required to use Apple services, such as FaceTime and iMessage. Id. ¶ 15.
4
Plaintiffs allege that Apple’s provision of two-factor authentication (“2FA”) as an Apple
5
ID login process violates Plaintiffs’ right to privacy. Id. ¶ 1. 2FA is enabled in three instances:
6
“(i) a software update occurs on one of the Apple devices; (ii) on creation of a new Apple ID; or
7
(iii) owner of the Apple device turns on two-factor authentication in the Settings.” Id. ¶ 16.
8
When enabled, 2FA requires a multi-step login process before a user can access Apple
services. First, the user must enter his Apple ID password on the Apple device on which the user
10
wishes to use Apple services. Id. Second, the user must enter his Apple ID password on a second
11
United States District Court
Northern District of California
9
trusted Apple device and wait to receive a six-digit verification code on the second Apple device.
12
Id. Third, the user must enter the six-digit verification code on the first Apple device. Id.
13
According to Plaintiffs, 2FA takes “2-5 or more minutes” than other login processes. Id.
14
After 2FA is enabled, Apple will sometimes send an email to the user that explains that the
15
user can disable 2FA: “If you didn’t enable two-factor authentication and believe someone else
16
has access to your account, you can return to your previous security settings. This link and your
17
Apple ID security questions will expire on October 15, 2018.” Id. ¶ 18. Plaintiffs allege that the
18
link allowing a user to disable 2FA expires within 14 days after 2FA’s enablement. Id. The email
19
also explains that 2FA “is an additional layer of security designed to ensure that you’re the only
20
person who can access your account, even if someone knows your password” and that 2FA
21
“significantly improves the security of your Apple ID and helps protect the photos, documents,
22
and other data you store with Apple.” Id.
23
24
25
26
27
28
Plaintiff Brodsky alleges that in September 2015, a software update enabled 2FA for
Plaintiff Brodsky’s Apple ID. Id. ¶ 19.
Plaintiff Tracey alleges that he was “forced to enable 2FA for a software update on his
Apple devices.” Id. ¶ 20.
Plaintiff Bishop alleges that “based on an unforeseen consequence outside of his control,”
2
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
1
he lost access to his second trusted Apple device, which he used for 2FA. Id. ¶ 21. Plaintiff
2
Bishop could not access Apple services using Apple ID “for days.” Id.
3
Plaintiff Schwartz alleges that he lost his second trusted Apple device “based on events
4
outside of his control.” Id. ¶ 22. Then, Apple placed Plaintiff Schwartz in its account recovery
5
process and Plaintiff Schwartz could not use his Apple ID “for months.” Id.
6
B. Procedural History
On February 8, 2019, Plaintiff Brodsky filed this lawsuit against Apple. ECF No. 1. On
7
March 29, 2019, Plaintiffs filed the FAC, with Tracey, Bishop, and Schwartz added as named
9
Plaintiffs. ECF No. 13. The FAC alleges five causes of action: (1) trespass to chattels, id. ¶¶ 47–
10
52; (2) violation of the California Invasion of Privacy Act (“CIPA”), California Penal Code § 631,
11
United States District Court
Northern District of California
8
id. ¶¶ 53–56; (3) violation of the California Computer Crime Law (“CCCL”), California Penal
12
Code § 502, id. ¶¶ 57–69; (4) violation of the Computer Fraud and Abuse Act (“CFAA”), 18
13
U.S.C. § 1030, id. ¶¶ 70–78; and (5) unjust enrichment, id. ¶¶ 79–81.
14
Plaintiffs bring suit on behalf of the following putative class:
15
All persons or entities in the United States who own or owned an Apple Watch,
iPhone, iPad, MacBook, or iMac or use Apple Services that have enabled two-factor
authentication (“2FA”), subsequently want to disable 2FA, and are not allowed to
disable 2FA.
16
17
18
Id. ¶ 29. The class period began “when Apple introduced 2FA in 2015.” Id. ¶ 28.
19
On May 1, 2019, Apple filed the instant motion to dismiss Plaintiffs’ FAC. ECF No. 32
20
(“Mot.”). On May 15, 2019, Plaintiffs filed an opposition. ECF No. 34 (“Opp.”). On May 22,
21
2019, Apple filed a reply in support of its motion to dismiss. ECF No. 37 (“Reply”).
On May 15, 2019, the parties filed a joint case management statement. ECF No. 35. In the
22
23
joint case management statement, Apple asked the Court to stay discovery until after the Court
24
determines whether Plaintiffs can state a claim. Id. at 6. On May 16, 2019, the Court continued
25
the May 22, 2019 case management conference to September 25, 2019 and stayed discovery “until
26
the Court orders otherwise.” ECF No. 36.
27
II.
28
LEGAL STANDARD
3
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
1
2
3
4
5
6
7
8
9
10
United States District Court
Northern District of California
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
A. Motion to Dismiss Under Federal Rule of Civil Procedure 12(b)(6)
Rule 8(a)(2) of the Federal Rules of Civil Procedure requires a complaint to include “a
short and plain statement of the claim showing that the pleader is entitled to relief.” A complaint
that fails to meet this standard may be dismissed pursuant to Federal Rule of Civil Procedure
12(b)(6). The United States Supreme Court has held that Rule 8(a) requires a plaintiff to plead
“enough facts to state a claim to relief that is plausible on its face.” Bell Atlantic Corp. v.
Twombly, 550 U.S. 544, 570 (2007). “A claim has facial plausibility when the plaintiff pleads
factual content that allows the court to draw the reasonable inference that the defendant is liable
for the misconduct alleged.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). “The plausibility
standard is not akin to a probability requirement, but it asks for more than a sheer possibility that a
defendant has acted unlawfully.” Id. (internal quotation marks omitted). For purposes of ruling
on a Rule 12(b)(6) motion, the Court “accept[s] factual allegations in the complaint as true and
construe[s] the pleadings in the light most favorable to the nonmoving party.” Manzarek v. St.
Paul Fire & Marine Ins. Co., 519 F.3d 1025, 1031 (9th Cir. 2008).
The Court, however, need not accept as true allegations contradicted by judicially
noticeable facts, see Schwarz v. United States, 234 F.3d 428, 435 (9th Cir. 2000), and it “may look
beyond the plaintiff’s complaint to matters of public record” without converting the Rule 12(b)(6)
motion into a motion for summary judgment, Shaw v. Hahn, 56 F.3d 1128, 1129 n.1 (9th Cir.
1995). Nor must the Court “assume the truth of legal conclusions merely because they are cast in
the form of factual allegations.” Fayer v. Vaughn, 649 F.3d 1061, 1064 (9th Cir. 2011) (per
curiam) (internal quotation marks omitted). Mere “conclusory allegations of law and unwarranted
inferences are insufficient to defeat a motion to dismiss.” Adams v. Johnson, 355 F.3d 1179, 1183
(9th Cir. 2004).
B. Leave to Amend
If the Court determines that a complaint should be dismissed, it must then decide whether
to grant leave to amend. Rule 15(a) of the Federal Rules of Civil Procedure states that leave to
amend “shall be freely given when justice so requires,” bearing in mind “the underlying purpose
4
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
1
of Rule 15 to facilitate decisions on the merits, rather than on the pleadings or technicalities.”
2
Lopez v. Smith, 203 F.3d 1122, 1127 (9th Cir. 2000) (en banc) (alterations and internal quotation
3
marks omitted). When dismissing a complaint for failure to state a claim, “a district court should
4
grant leave to amend even if no request to amend the pleading was made, unless it determines that
5
the pleading could not possibly be cured by the allegation of other facts.” Id. at 1130. Thus, leave
6
to amend generally shall be denied only if allowing amendment would unduly prejudice the
7
opposing party, cause undue delay, or be futile, or if the moving party has acted in bad faith.
8
Leadsinger, Inc. v. BMG Music Publ’g, 512 F.3d 522, 532 (9th Cir. 2008).
9
III.
DISCUSSION
Apple moves to dismiss each of Plaintiffs’ claims for failure to state a claim. Apple also
11
United States District Court
Northern District of California
10
contends that certain claims are barred by the statute of limitations or must be dismissed because
12
Plaintiffs fail to allege their states of residence. The Court first addresses the sufficiency of each
13
of Plaintiffs’ individual claims. Then, the Court addresses Apple’s other arguments that the FAC
14
is deficient.
15
A. Claim for Trespass to Chattels
16
Plaintiffs allege that Apple committed trespass to chattels because Apple “interfered with
17
Plaintiffs and Class Members’ possessory interest of their one or more Apple devices by requiring
18
an extraneous login process through two-factor authentication that is imposed on Plaintiffs and
19
Class Members without authorization or consent.” FAC ¶ 48.
20
Under California law, trespass to chattels “lies where an intentional interference with the
21
possession of personal property has proximately caused injury.” Intel Corp. v. Hamidi, 30 Cal.
22
4th 1342, 1350–51 (2003). To state a trespass to chattels claim, a plaintiff must plead that “(1) the
23
defendant intentionally and without authorization interfered with plaintiff’s possessory interest in
24
the computer system; and (2) defendant’s unauthorized use[] proximately caused damage.” In re
25
Facebook Internet Tracking Litig., 263 F. Supp. 3d 836, 842 (N.D. Cal. 2017) (quoting eBay, Inc.
26
v. Bidder’s Edge, Inc., 100 F. Supp. 2d 1058, 1069–70 (N.D. Cal. 2000)).
27
28
Apple argues that: (1) Apple did not enable 2FA without Plaintiffs’ authorization; and (2)
5
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
1
Plaintiffs have not alleged that Apple damaged Plaintiffs. The Court addresses each argument in
2
turn.
3
4
5
6
7
8
9
10
United States District Court
Northern District of California
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
1. Plaintiffs Have Not Alleged that 2FA was Enabled Without Plaintiffs’
Authorization
First, Apple contends that Plaintiffs consented to 2FA, and thus that any interference with
possession was authorized. Under Hamidi, a trespass only occurs where an interference is
“unauthorized.” 30 Cal. 4th at 1350. Accordingly, in the context of a software update,
“[v]oluntary installation runs counter to the notion that the alleged act was a trespass.” In re Apple
& ATTM Antitrust Litig., 2010 WL 3521965 (N.D. Cal. July 8, 2010), vacated in part sub nom. on
other grounds In re Apple & AT & TM Antitrust Litig., 826 F. Supp. 2d 1168 (N.D. Cal. 2011).
In the instant case, Plaintiffs do not allege facts to indicate that Plaintiffs failed to authorize
the enablement of 2FA. Rather, Plaintiffs’ FAC alleges that 2FA is enabled when an Apple ID
user voluntarily turns on 2FA, installs a software update, or creates a new Apple ID. FAC ¶ 16.
None of those means to enable 2FA permits Apple to enable 2FA unilaterally and without
Plaintiffs’ authorization.
In conclusory fashion, Plaintiff Brodsky alleges that his devices “had a software update
that enabled 2FA for Apple ID without his knowledge or consent on or around September of
2015,” and Plaintiff Tracey alleges that 2FA was “forced” upon him through a software update.
FAC ¶¶ 19–20. Plaintiffs concede in their opposition that Plaintiffs voluntarily installed the
software update, but contend that Plaintiffs did not specifically authorize the enablement of 2FA.
See Opp. at 8. Courts have recognized that “consent to enter may be limited and that a trespass
claim may lie when the scope of consent is exceeded.” In re Apple Inc. Device Performance
Litig., 347 F. Supp. 3d 434, 455 (N.D. Cal. 2018). However, in In re Apple, the plaintiffs’
complaint quoted the message that accompanied Apple’s software update and explained how the
message failed to identify additional effects of the software update. Id. Thus, the plaintiffs did not
consent to those additional effects of the software update.
By contrast, Plaintiff Brodsky has offered no information about the 2015 software update
6
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
1
that allegedly enabled 2FA on his phone, nor about whether Plaintiff Brodsky read or reviewed the
2
message that accompanied the update and whether the message disclosed that the update would
3
enable 2FA. Nor has Plaintiff Tracey alleged any facts related to his “forced” enablement of 2FA.
4
Plaintiffs’ bald assertions in the FAC that they did not consent to enablement of 2FA is a legal
5
conclusion not entitled to the presumption of truth. See In re Gilead Scis. Sec. Litig., 536 F.3d
6
1049, 1055 (9th Cir. 2008) (holding that a court need not accept as true “allegations that are
7
merely conclusory”). Although Plaintiffs raise such arguments in their opposition brief, these
8
allegations do not appear in the FAC, and Plaintiffs have not alleged that any interference with
9
their devices was not authorized by Plaintiffs. In fact, neither Plaintiff Bishop nor Plaintiff
Schwartz even specifies how they enabled 2FA on their Apple devices, or alleges that enablement
11
United States District Court
Northern District of California
10
was involuntary. See FAC ¶¶ 21–22.
12
2. Plaintiffs Have Not Alleged that Any Trespass Harmed Plaintiffs
13
Plaintiffs have also failed to allege that Apple harmed Plaintiffs through 2FA. The
14
California Supreme Court has explained that, “while a harmless use or touching of personal
15
property may be a technical trespass (see Rest. 2d of Torts, § 217), an interference (not amounting
16
to dispossession) is not actionable under modern California and broader American law without a
17
showing of harm.” Intel Corp., 30 Cal. 4th at 1350–51. In the context of a trespass to a computer
18
system, a plaintiff must allege “that the purported trespass: (1) caused physical damage to the
19
personal property, (2) impaired the condition, quality, or value of the personal property, or (3)
20
deprived plaintiff of the use of personal property for a substantial time.” Fields v. Wise Media,
21
LLC, 2013 WL 5340490, at *4 (N.D. Cal. Sept. 24, 2013).
22
In the instant case, Plaintiffs allege that “[e]ach login process takes an additional estimated
23
2-5 more minutes with 2FA.” FAC ¶ 17. Plaintiffs’ allegations are plainly insufficient to allege
24
the requisite showing of harm. In In re iPhone Application Litigation, this Court concluded that
25
Apple programs that consumed the devices’ memory and “shortened the[ir] battery life” were
26
insufficient to state a claim. 844 F. Supp. 2d 1040, 1069 (N.D. Cal. 2012). The allegations did
27
not suggest that Apple’s trespass “caused an interference with the intended functioning” of the
28
7
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
1
devices. Id.; see also Hamidi, 30 Cal. 4th at 1347 (holding that trespass to chattels “does not
2
encompass, and should not be extended to encompass, an electronic communication that neither
3
damages the recipient computer system nor impairs its functioning”).
In the instant case, a delay of 2-5 minutes does not impair the functioning of Plaintiffs’
4
5
Apple devices or Apple IDs. Plaintiffs do not allege that 2FA prevents Plaintiffs from logging in
6
after that delay, or that Plaintiffs’ devices are “damaged” by the delay. See Engle v. Unified Life
7
Ins. Co., Inc., 2014 WL 12508347, at *7 (S.D. Cal. Oct. 27, 2014) (concluding that impairment of
8
devices for the “duration of a phone call” did not qualify as harm sufficient to state a trespass to
9
chattels claim). Plaintiffs’ opposition argues that Plaintiffs suffer “dispossession” and are
“blocked 100% from accessing their own devices,” in an apparent attempt to parrot the language
11
United States District Court
Northern District of California
10
of Hamidi. Opp. at 12. However, Plaintiffs do not identify any such allegation in the FAC, nor do
12
Plaintiffs explain whether the alleged “100%” blockage is distinct from the 2-5 minute login
13
delay.
14
Alternatively, Plaintiffs contend that Plaintiffs suffer longer dispossessions “when access
15
to a trusted device to receive 2FA passcode [sic] is lost.” Opp. at 10. However, Plaintiffs do not
16
allege that Apple or 2FA led Plaintiffs to lose access to their trusted devices. Plaintiff Bishop lost
17
access to his trusted device “based on an unforeseen consequence outside of his control” and
18
Plaintiff Schwartz lost access to his trusted device “based on events outside of his control.” FAC
19
¶¶ 21–22. In neither instance did Apple or 2FA cause Plaintiffs’ dispossession from their Apple
20
devices and Apple services. See Thrifty-Tel, Inc. v. Bezenek, 46 Cal. App. 4th 1559, 1566 (1996)
21
(holding that a trespass to chattels occurs only where the interference “has proximately caused
22
injury”). Thus, Plaintiffs have not adequately alleged that Apple interfered with Plaintiffs’
23
possession of their devices.
24
Accordingly, the Court GRANTS Apple’s motion to dismiss Plaintiffs’ trespass to chattels
25
claim. Because granting Plaintiffs an additional opportunity to amend the complaint would not be
26
futile, cause undue delay, or unduly prejudice Apple, and Plaintiffs have not acted in bad faith, the
27
Court grants leave to amend. See Leadsinger, Inc., 512 F.3d at 532.
28
8
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
1
2
3
4
5
6
7
8
9
10
United States District Court
Northern District of California
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
B. Claim for Violation of the California Information Privacy Act (“CIPA”)
Next, the Court discusses Plaintiffs’ CIPA claim. Plaintiffs allege that Apple violated the
CIPA because via 2FA, “Apple, by injecting itself in the process by requiring extra logging [sic]
steps, has acquired without authorization confidential electronic communication owned by
Plaintiffs and Class Members.” FAC ¶ 54.
The CIPA is an anti-wiretapping statute that is violated when a person, without
authorization, “reads, or attempts to read, or to learn the contents or meaning of any message,
report, or communication while the same is in transit or passing over any wire, line, or cable.”
Cal. Penal Code § 631(a). The CIPA was “passed to protect against the invasion of privacy.”
Matera v. Google Inc., 2016 WL 5339806, at *10 (N.D. Cal. Sept. 23, 2016). The CIPA requires
the “interception of an electronic communication.” Bradley v. Google, Inc., 2006 WL 3798134, at
*5–6 (N.D. Cal. Dec. 22, 2006). In the instant case, Plaintiffs contend that 2FA violates Plaintiffs’
privacy rights under the CIPA, even though the face of Plaintiffs’ own pleading indicates that
“[t]wo-factor authentication is an additional layer of security designed to ensure that you’re the
only person who can access your account, even if someone knows your password.” FAC ¶ 18.
In its motion to dismiss, Apple principally argues that (1) the CIPA prohibits only a third
party’s interceptions and that Apple is not a third party; and (2) Plaintiffs fail to allege the contents
of any communications that Apple intercepted. The Court addresses each argument in turn.
1. Plaintiffs Fail to Allege that Apple was Not a Party to the Communications
Courts have interpreted the CIPA to prohibit only “third party access to ongoing
communications.” In re Facebook Internet Tracking Litig., 263 F. Supp. 3d 836, 845 (N.D. Cal.
2017). In In re Facebook, the district court held that Facebook could not “intercept”
communications to which Facebook was already a party. Id. at 844–45; see Thomasson v. GC
Servs. Ltd. P’Ship, 321 F. App’x 557, 559 (9th Cir. 2008) (explaining that California courts
interpret the anti-eavesdropping provision of the CIPA “to refer to a third party secretly listening
to a conversation between two other parties”).
In the instant case, Plaintiffs allege only that Apple intercepted “Plaintiffs’ login activities
9
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
1
through 2FA that requires connecting with Apple’s servers on the internet.” FAC ¶ 26. Thus, the
2
only communications that Plaintiffs allege Apple “intercepted” are Plaintiffs’ communications to
3
Apple. As in In re Facebook, Apple cannot intercept communications to which Apple is already a
4
party. Thus, Plaintiffs have not alleged a violation of the CIPA.
5
Ramos v. Capitol One, N.A., 2017 WL 3232488 (N.D. Cal. July 27, 2017), is not to the
6
contrary. In Ramos, the district court concluded that a defendant could be liable for intercepting a
7
communication between two other parties on the defendant’s phone lines. Id. at *9. Ramos is
8
inapplicable to the instant case, in which Plaintiffs’ “login activities” are communications that
9
Plaintiffs send to Apple’s servers. Unlike in Ramos, Plaintiffs do not allege that Apple is
intercepting via its servers Plaintiffs’ communications with a third party. Moreover, other Apple
11
United States District Court
Northern District of California
10
ID login methods presumably also require Plaintiffs to communicate with Apple’s servers. Yet
12
Plaintiffs do not challenge those login methods as invasions of privacy. Thus, Plaintiffs have
13
failed to allege that via 2FA, Apple was a third party that intercepted Plaintiffs’ communications
14
with another entity.
15
2. Plaintiffs Have Failed to Allege the Contents of Any Intercepted Communication
16
Second, Plaintiffs have also failed to identify the contents of any communication that
17
Apple allegedly intercepted, as required to state a claim under the CIPA. See Cal. Penal Code §
18
631(a) (prohibiting unauthorized access of the “contents” of any communication). “The analysis
19
for a violation of CIPA is the same as that under the federal Wiretap Act.” Cline v. Reetz-Laiolo,
20
329 F. Supp. 3d 1000, 1051 (N.D. Cal. 2018) (citation omitted).
21
Under the Wiretap Act, the term “contents” is defined as “any information concerning the
22
substance, purport, or meaning of that communication.” 18 U.S.C. § 2510. The Ninth Circuit has
23
held that “record information regarding the characteristics of the message that is generated in the
24
course of the communication” does not qualify as “contents.” In re Zynga Privacy Litig., 750 F.3d
25
1098, 1106 (9th Cir. 2014). For example, text messages qualify as contents under the Wiretap
26
Act. In re Carrier IQ, Inc., 78 F. Supp. 3d 1051, 1083 (N.D. Cal. 2015). However, user names,
27
passwords, and geographic location information are not contents. Id. at 1082, 1084.
28
10
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
1
In the instant case, Plaintiffs allege only that Apple intercepted Plaintiffs’ “login
2
activities,” or presumably Plaintiffs’ user names and passwords. In re Zynga forecloses a CIPA
3
claim predicated on such record information. In re Carrier IQ explicitly held that user names and
4
passwords are not “contents” under the Wiretap Act. 78 F. Supp. 3d at 1082, 1084. Plaintiffs
5
attempt to distinguish these precedents by contending that when 2FA prevents a user from
6
accessing his Apple ID or services (such as when the user has lost his trusted device), Apple has
7
“intercepted” the user’s communication with the Apple service. See Opp. at 14. However, if a
8
user cannot access an Apple service like FaceTime due to 2FA, as Plaintiffs allege, the user cannot
9
create any communication over FaceTime for Apple to “intercept.” Thus, Plaintiffs have failed to
10
allege the contents of any communication that Apple intercepted.
Moreover, the only communications discussed in Plaintiff’s FAC are Plaintiff’s
United States District Court
Northern District of California
11
12
communications with Apple, which are not third-party communications. Because Plaintiffs’
13
communications with Apple are not communications with a third party, Apple cannot “intercept”
14
them.
15
Accordingly, the Court GRANTS Apple’s motion to dismiss Plaintiffs’ CIPA claim.
16
Because granting Plaintiffs an additional opportunity to amend the complaint would not be futile,
17
cause undue delay, or unduly prejudice Apple, and Plaintiffs have not acted in bad faith, the Court
18
grants leave to amend. See Leadsinger, Inc., 512 F.3d at 532.
19
C. Claims for Violation of the Computer Fraud and Abuse Act (“CFAA”)
20
Next, the Court discusses Plaintiffs’ claims under the federal CFAA. Plaintiffs allege that
21
Apple “intentionally accessed through the 2FA feature Plaintiffs’ and Class Members’ computers”
22
and that Apple “knowingly caused the transmission of information, i.e. sending and receiving of
23
six-digit verification code [sic] on another device.” FAC ¶¶ 71–72. Plaintiffs bring claims under
24
two provisions of the CFAA, 18 U.S.C. § 1030(a)(2) and § 18 U.S.C. § 1030(a)(5). Id.
25
The CFAA is an anti-hacking statute that creates liability where a defendant “intentionally
26
accesses a computer without authorization or exceeds authorized access,” and thus obtains
27
“information from any protected computer” or financial records. 18 U.S.C. § 1030(a)(2). The
28
11
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
1
CFAA also creates liability for “knowingly caus[ing] the transmission of a program, information,
2
code, or command, and as a result of such conduct, intentionally caus[ing] damage without
3
authorization, to a protected computer.” Id. at § 1030(a)(5)(A)(i). Thus, “the plain language of
4
the CFAA target[s] the unauthorized procurement or alteration of information, not its misuse or
5
misappropriation.” United States v. Nosal, 676 F.3d 854, 863 (9th Cir. 2012) (en banc) (alteration
6
in original) (citation omitted). Under the CFAA, Plaintiffs must also plead that Apple’s actions
7
caused loss of more than $5,000 during any one-year period. LVRC Holdings LLC v. Brekka, 581
8
F.3d 1127, 1131–32 (9th Cir. 2009) (citing 18 U.S.C. § 1030(a)).
9
Finally, the CFAA was enacted “primarily to address the growing problem of computer
hacking,” such that the en banc Ninth Circuit has favored an interpretation of the statute that
11
United States District Court
Northern District of California
10
“maintains the CFAA’s focus on hacking rather than turning it into a sweeping Internet-policing
12
mandate.” Nosal, 676 F.3d at 858. Given that instruction, the Court is exceedingly skeptical of
13
Plaintiffs’ theory that 2FA—an Apple login method that according to Plaintiff’s FAC
14
“significantly improves the security of [a user’s] Apple ID”—can render Apple liable under the
15
CFAA, particularly given Plaintiffs’ vague and conclusory allegations. FAC ¶ 18.
16
In its motion to dismiss, Apple contends that Plaintiffs have failed to plead that (1) Apple
17
hacked into Plaintiffs’ devices without authorization; and (2) any Apple actions caused $5,000 in
18
damages in any given one-year period. The Court agrees.
19
1. Plaintiffs Have Not Alleged That Any Access Was Unauthorized
20
First, both CFAA provisions under which Plaintiffs bring their claims apply only where a
21
defendant accesses or transmits a program to a computer “without authorization” or by “exceeding
22
authorized access.” Accordingly, the Ninth Circuit has held that “a defendant can run afoul of the
23
CFAA when he or she has no permission to access a computer or when such permission has been
24
revoked explicitly.” Facebook, Inc. v. Power Ventures, Inc., 844 F.3d 1058, 1067 (9th Cir. 2016).
25
For example, in Power Ventures, the defendant had “arguable permission to access Facebook’s
26
computers” until Facebook expressly rescinded that authorization via a cease and desist letter. Id.
27
28
As explained in the discussion of Plaintiffs’ trespass to chattels claim, Plaintiffs only
12
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
1
conclusorily allege that Plaintiffs did not authorize 2FA, but concede that Plaintiffs voluntarily
2
installed the software update that enabled 2FA. On that ground alone, Plaintiffs’ CFAA claim
3
fails. In the CFAA context, a user would have “serious difficulty” pleading a CFAA violation
4
based on the voluntary installation of software. In re iPhone Application Litig., 844 F. Supp. 2d
5
1040, 1066 (N.D. Cal. 2012); see also In re Apple Inc. Device Performance Litig., 347 F. Supp. 3d
6
434, 452 (N.D. Cal. 2018) (holding that plaintiffs authorized Apple’s access to devices when they
7
“chose to voluntarily download and install” Apple’s software updates); In re Sony PS3 Other OS
8
Litig., 551 F. App’x 916, 923 (9th Cir. 2014) (holding that voluntary installation rebuts a claim of
9
unauthorized access under the CFAA). As explained above, Plaintiffs Brodsky and Tracey
10
United States District Court
Northern District of California
11
enabled 2FA when they downloaded software updates from Apple. Id. ¶¶ 19–20.
To the extent Plaintiffs attempt to allege that Apple exceeded Plaintiffs’ authorization,
12
Plaintiffs do not allege that Plaintiffs revoked any consent for Apple’s servers to receive Plaintiffs’
13
login activities. Plaintiffs also do not explain how Apple’s access to Plaintiffs’ “login activities”
14
via 2FA is at all different from Apple’s access to such login activities when Plaintiffs employ a
15
different Apple ID login method. Moreover, Plaintiffs do not allege any facts related to the scope
16
of Plaintiff Brodsky’s authorization when he downloaded the software update, such as that
17
Plaintiff Brodsky authorized Apple to access his Apple ID and device for all purposes except for
18
2FA, or that Apple hid information about 2FA in the message that accompanied the software
19
update. See Synopsys, Inc. v. Ubiquiti Networks, Inc., 313 F. Supp. 3d 1056, 1070 (N.D. Cal.
20
2018) (holding that allegations of “hidden” software were sufficient to allege that the defendant’s
21
access exceeded the plaintiff’s authorization).
22
Plaintiffs’ legal conclusion that Apple’s access to Plaintiffs’ Apple IDs was unauthorized
23
is insufficient to state a claim. This is particularly true given the Ninth Circuit’s instruction that
24
the CFAA was enacted “primarily to address the growing problem of computer hacking,” and that
25
the CFAA should be interpreted narrowly. Nosal, 676 F.3d at 858. The facts alleged in the FAC
26
permit no inference that Apple “hacked” into Plaintiffs’ devices or Apple IDs. Allowing CFAA
27
claims to proceed on such conclusory, thin allegations “would expand the CFAA too far.” In re
28
13
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
1
Apple Inc. Device Performance Litig., 347 F. Supp. 3d at 453. At base, Plaintiffs’ FAC alleges a
2
claim that 2FA slows down the login process, not a hacking claim.
3
2. Plaintiffs Have Also Failed to Plead $5,000 in Damages
4
Second, Plaintiffs have failed to plead damages under the CFAA. Although Plaintiffs
5
make the conclusory allegation that Plaintiffs suffered “economic loss with an aggregated value of
6
at least $5,000 during a one-year period,” Plaintiffs allege no facts to support that conclusion.
7
FAC ¶ 76. At most, Plaintiffs allege that 2FA delays Plaintiffs’ login to their Apple IDs by 2-5
8
minutes. Id. ¶ 17. Even the allegation that an application “consume[s] valuable memory space” is
9
insufficient to allege that the application “impairs Plaintiffs’ devices or interrupts service”
sufficient to show $5,000 in damage under the loss requirements of the CFAA. In re iPhone
11
United States District Court
Northern District of California
10
Application Litig., 844 F. Supp. 2d at 1067. Plaintiffs do not allege the dollar value of any alleged
12
damages in the FAC, let alone dollar values that could amount to $5,000. In sum, Plaintiffs’ bald
13
assertion of $5,000 in damages based on 2-5 minute login delays without any facts to support the
14
allegation is “insufficient to sustain a CFAA claim.” NovelPoster v. Javitch Canfield Grp., 140 F.
15
Supp. 3d 938, 949 (N.D. Cal. 2014).
16
Accordingly, the Court GRANTS Apple’s motion to dismiss Plaintiffs’ CFAA claim.
17
Because granting Plaintiffs an additional opportunity to amend the complaint would not be futile,
18
cause undue delay, or unduly prejudice Apple, and Plaintiffs have not acted in bad faith, the Court
19
grants leave to amend. See Leadsinger, Inc., 512 F.3d at 532.
20
D. Claims for Violation of the California Computer Crime Law (“CCCL”)
21
Next, the Court discusses Plaintiffs’ claims under the CCCL, Cal. Penal Code § 502. The
22
CCCL is also sometimes referred to as the California Comprehensive Computer Data Access and
23
Fraud Act. Facebook, Inc. v. Grunin, 77 F. Supp. 3d 965, 971 (N.D. Cal. 2015).
24
Plaintiffs bring claims under five provisions of the CCCL, Cal. Penal Code §§ 502(c)(1),
25
(3-5), (7). For each claim, Plaintiff alleges that Apple “knowingly and without permission”
26
accessed, altered, or otherwise disrupted Plaintiffs’ Apple devices. FAC ¶¶ 60–64. Case law
27
suggests that Plaintiffs’ CCCL claims rise or fall with Plaintiffs’ CFAA claims because “the
28
14
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
1
necessary elements of Section 502 do not differ materially from the necessary elements of the
2
CFAA,” except in terms of damages. Multiven, Inc. v. Cisco Sys., Inc., 725 F. Supp. 2d 887, 895
3
(N.D. Cal. 2010). Unlike the CFAA, the CCCL does not impose a minimum of $5,000 in
4
damages. Cline, 329 F. Supp. 3d at 1052.
5
Like the CFAA, the CCCL prohibits only access or disruptions to a computer system that
are “without permission.” To allege that a defendant acted without permission under the CCCL, a
7
plaintiff must allege that the offending software was “designed in such a way to render ineffective
8
any barriers the Plaintiffs must wish to use to prevent access” to their information. In re Carrier
9
IQ, Inc., 78 F. Supp. 3d 1051, 1101 (N.D. Cal. 2015); see also NovelPoster v. Javitch Canfield
10
Grp., 140 F. Supp. 3d 938, 950 (N.D. Cal. 2014) (explaining that parties act without permission
11
United States District Court
Northern District of California
6
when they “circumvent[] technical or code-based barriers”) (alteration in original) (citation
12
omitted). In the instant case, Plaintiffs offer no allegations about how Plaintiffs attempted to
13
prevent 2FA’s access to their information, or how 2FA offers Apple access to Plaintiffs’
14
information that is somehow different from Apple’s access through other Apple ID login methods.
15
Again, Plaintiffs make only the conclusory allegation that Plaintiff Brodsky’s voluntary
16
installation of the software update did not equate to voluntary installation of 2FA. However,
17
Plaintiff Brodsky has offered no information about the 2015 software update that allegedly
18
enabled 2FA on his phone, nor about whether Plaintiff Brodsky read or reviewed the message that
19
accompanied the software update and whether that message disclosed that the update would
20
enable 2FA. Plaintiff Brodsky’s bald assertion that he did not give Apple permission to enable
21
2FA is a legal conclusion not entitled to the presumption of truth. See In re Gilead, 536 F.3d at
22
1055 (holding that a court need not accept as true “allegations that are merely conclusory”).
23
Moreover, Plaintiffs’ specific CCCL claims all merely parrot the language of the CCCL.
24
For example, Plaintiffs allege that “Apple knowingly and without permission has used and caused
25
to be used Plaintiffs’ and Class Members’ Apple Services and Third-Party Apps configured on
26
their Apple devices.” FAC ¶ 61. This allegation mirrors the language of California Penal Code §
27
502(c)(5), which renders liable a defendant who “[k]nowingly and without permission uses or
28
15
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
1
causes to be used computer services.” Cal. Penal Code § 502(c)(5). Plaintiffs have simply
2
inserted their Apple services and third-party apps in place of “computer services.” The FAC
3
includes no factual allegations about (1) how, through 2FA, Apple was able to “use” Apple
4
Services and third-party apps; (2) which Apple Services or third-party apps Apple allegedly
5
“caused to be used”; or (3) how it is even possible for Apple to “use” a third-party app on
6
Plaintiffs’ devices—particularly if Plaintiffs’ are “locked” out of their devices. These boilerplate
7
allegations also provide a reason to dismiss Plaintiffs’ CCCL claims. See Gonzales v. Uber
8
Techs., Inc., 305 F. Supp. 3d 1078, 1090 (N.D. Cal. 2018) (granting a motion to dismiss where
9
plaintiffs made only “boilerplate allegations” of CCCL violations).
10
Accordingly, the Court GRANTS Apple’s motion to dismiss Plaintiffs’ CCCL claim.
United States District Court
Northern District of California
11
Because granting Plaintiffs an additional opportunity to amend the complaint would not be futile,
12
cause undue delay, or unduly prejudice Apple, and Plaintiffs have not acted in bad faith, the Court
13
grants leave to amend. See Leadsinger, Inc., 512 F.3d at 532.
14
E. Claim for Unjust Enrichment
15
Plaintiffs’ fifth claim is for unjust enrichment. FAC ¶ 79. However, as Apple points out,
16
California does not recognize a separate cause of action for unjust enrichment. See Hill v. Roll
17
Int’l Corp., 195 Cal. App. 4th 1295, 1307 (2011) (“Unjust enrichment is not a cause of action, just
18
a restitution claim.”). As a result, courts have consistently dismissed stand-alone claims for unjust
19
enrichment. See, e.g., Low v. LinkedIn Corp., 900 F. Supp. 2d 1010, 1031 (N.D. Cal. 2012);
20
Robinson v. HSBC Bank USA, 732 F. Supp. 2d 976, 987 (N.D. Cal. 2010).
21
In some circumstances, courts have construed purported claims for unjust enrichment as
22
quasi-contract claims seeking restitution. Astiana v. Hain Celestial Grp., Inc., 783 F.3d 753, 762
23
(9th Cir. 2015); see also Swafford v. Int’l Bus. Mach. Corp., 383 F. Supp. 3d 916, 931–32 (N.D.
24
Cal. 2019) (construing unjust enrichment cause of action as a quasi-contract claim). A quasi-
25
contract cause of action seeks “to prevent unjust enrichment in the absence of a true contract or
26
where the contract was obtained by fraud.” Fowler v. Wells Fargo Bank, N.A., 2017 WL
27
3977385, at *5 (N.D. Cal. Sept. 11, 2017) (citing McBride v. Boughton, 123 Cal. App. 4th 379,
28
16
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
1
388 (2004). Generally, courts have approved quasi-contract claims premised on false and
2
misleading labels. See Khasin v. R.C. Bigelow, Inc., 2015 WL 4104868, at *3 (N.D. Cal. July 7,
3
2015) (citing cases).
In the instant case, Plaintiffs’ FAC includes no allegation that Apple is liable in quasi-
4
5
contract or that 2FA was somehow mislabeled. In their unjust enrichment claim, Plaintiffs
6
conclusorily allege that Apple has retained “information regarding online communications and
7
activities of Plaintiffs and the Class.” FAC ¶ 80. Plaintiffs’ unjust enrichment claim thus appears
8
pled as a stand-alone cause of action, and dismissal is warranted.
Accordingly, the Court GRANTS Apple’s motion to dismiss Plaintiffs’ unjust enrichment
9
claim. Because granting Plaintiffs an additional opportunity to amend the complaint would not be
11
United States District Court
Northern District of California
10
futile, cause undue delay, or unduly prejudice Apple, and Plaintiffs have not acted in bad faith, the
12
Court grants leave to amend. See Leadsinger, Inc., 512 F.3d at 532.
Finally, the Court addresses Apple’s two other arguments about deficiencies in Plaintiffs’
13
14
15
16
FAC.
F. The Statute of Limitations Bars Plaintiff Brodsky and the Putative Class’s Claims
Under the CIPA, CCCL, and CFAA
First, Apple contends that Plaintiff Brodsky’s and the putative class’s claims under the
17
CIPA, CCCL, and CFAA are all time-barred by the applicable statute of limitations.
18
Plaintiff Brodsky alleges that he enabled 2FA on his Apple devices in September 2015.
19
FAC ¶ 19. Similarly, Plaintiffs’ class period began “when Apple introduced 2FA in 2015.” Id. ¶
20
28. Plaintiff Brodsky did not file the instant putative class action until February 8, 2019,
21
approximately three and a half years after Plaintiff Brodsky alleges that he enabled 2FA on his
22
Apple devices and more than three years after Plaintiff’s class period began. ECF No. 1.
23
However, in line with the overall vagueness of Plaintiffs’ FAC, Plaintiffs Tracey, Bishop, and
24
Schwartz do not allege when 2FA was enabled on their Apple devices. See FAC ¶¶ 20–22.
25
The longest applicable statute of limitations is three years. Under the CIPA, the applicable
26
statute of limitations is one year. Ion Equip. Corp. v. Nelson, 110 Cal. App. 3d 868, 880 (1980)
27
28
17
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
1
(“The statute of limitations in which to commence an action for invasion of privacy is one year.”).
2
Under the CFAA, the statute of limitations is two years from “the date of the act complained of or
3
the date of the discovery of the damage.” 18 U.S.C. § 1030(g). Under the CCCL, the statute of
4
limitations is three years. Cal. Penal Code § 502(e)(5). Accordingly, because Plaintiff Brodsky
5
and the putative class enabled 2FA in 2015, the statute of limitations ran for their CIPA claims in
6
2016, their CFAA claims in 2017, and their CCCL claims in 2018. Thus, Plaintiff Brodsky and
7
the putative class’s CIPA, CCCL, and CFAA claims are time-barred.
8
9
10
United States District Court
Northern District of California
11
Acknowledging this, Plaintiffs contend that Plaintiff Brodsky and the putative class’s
CIPA, CCCL, and CFAA claims are timely under the continuous accrual and continuing violation
doctrines. Opp. at 4. However, neither doctrine applies.
Under the continuous accrual doctrine, “a series of wrongs or injuries may be viewed as
12
each triggering its own limitations period, such as that a suit for relief may be partially time-barred
13
as to older events but timely as to those within the applicable limitations period.” Aryeh v. Canon
14
Bus. Sols., Inc., 55 Cal. 4th 1185, 1198 (2013). The continuous accrual doctrine applies where the
15
defendant owes the plaintiff a continuing duty “susceptible to recurring breaches.” Id. at 1200.
16
For example, in Aryeh, the defendant allegedly imposed unfair monthly charges on the plaintiff.
17
Id. Generally, courts have applied the continuous accrual theory only to instances in which a
18
plaintiff has “asserted a right to, or challenged the assessment of, periodic payments.” Baxter v.
19
State Teachers Retirement Sys., 18 Cal. App. 5th 340, 378 (2017); see also Garrison v. Oracle
20
Corp., 159 F. Supp. 3d 1044, 1083 (N.D. Cal. 2016) (finding the continuous accrual doctrine
21
inapplicable where the plaintiff did not allege any right to periodic payments).
22
In the instant case, Plaintiffs have not alleged any right to periodic payments, or challenged
23
Apple’s assessment of a periodic obligations. Accordingly, the continuous accrual doctrine does
24
not apply.
25
Unlike continuous accrual, the continuing violation doctrine “renders an entire course of
26
conduct actionable,” including wrongful acts that would otherwise be untimely. Aryeh, 5 Cal. 4th
27
at 1199. The continuing violation theory applies when “a wrongful course of conduct [becomes]
28
18
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
1
apparent only through the accumulation of a series of harms” but not when a plaintiff experiences
2
“a series of discrete, independently actionable alleged wrongs.” Id. at 1198. The complaint must
3
feature “[a]llegations of a pattern of reasonably frequent and similar acts.” Id.
4
Plaintiffs contend that the FAC alleges a pattern of frequent and similar acts because after
5
2FA is enabled, Plaintiffs must use 2FA for each login and are thus injured on an ongoing basis.
6
Opp. at 5. To the contrary, the FAC alleges that Plaintiffs can disable 2FA within 14 days of
7
enablement, which contradicts Plaintiffs’ argument. However, even if Plaintiffs’ argument is true,
8
the continuing violation doctrine applies only where “a wrongful course of conduct [becomes]
9
apparent only through the accumulation of a series of harms.” Aryeh, 55 Cal. 4th at 1198. Any
user allegedly injured by 2FA would doubtless be aware of that injury on the user’s first attempt to
11
United States District Court
Northern District of California
10
log in to his Apple ID via 2FA. Accordingly, the continuing violation doctrine does not apply.
12
For similar reasons, Plaintiffs also cannot rely on the delayed discovery rule. Under the
13
discovery rule, “the accrual of the action may be postponed and the running of the limitations
14
period tolled until the plaintiff discovers, or has reason to discover the cause of action.” Quarry v.
15
Doe I, 53 Cal. 4th 945, 960 (2012) (citation omitted). “A plaintiff has reason to discover a cause
16
of action when he or she has reason to at least suspect a factual basis for its elements.” Id.
17
Plaintiffs’ FAC includes no allegations of delayed discovery. Rather, Plaintiffs allege that 2FA
18
delays Plaintiffs’ ability to log in to Apple ID or their Apple devices as soon as 2FA is enabled.
19
FAC ¶ 16. Accordingly, any user allegedly injured by 2FA would be aware of that injury on the
20
user’s first attempt to log in via 2FA.
21
Therefore, the statute of limitations bars Plaintiff Brodsky’s and the putative class’s claims
22
under the CIPA, CCCL, and CFAA, and the Court GRANTS Apple’s motion to dismiss Plaintiff
23
Brodsky and the putative class’s CIPA, CCCL, and CFAA claims on that ground. Because
24
granting Plaintiff Brodsky and the putative class an additional opportunity to amend the complaint
25
would not be futile, cause undue delay, or unduly prejudice Apple, and Plaintiff Brodsky and the
26
putative class have not acted in bad faith, the Court grants leave to amend. See Leadsinger, Inc.,
27
512 F.3d at 532.
28
19
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
G. Standing for Common Law Claims
1
Finally, Apple also contends that Plaintiffs lack standing to bring their common law claims
2
3
4
5
6
7
8
9
for trespass to chattels and unjust enrichment because Plaintiffs fail to allege their states of
residence. See FAC ¶ 7 (alleging only that Plaintiffs are “individuals residing in the United
States”). However, the cases that Apple cites do not stand for the precise proposition that a court
may dismiss common law claims for lack of standing when a plaintiff fails to allege his state of
residence. Rather, in Johnson, for example, the court assessed whether named plaintiffs resident
in two states could bring claims under other states’ common laws. Johnson v. Nissan N. Am., Inc.,
272 F. Supp. 3d 1168, 1175 (N.D. Cal. 2017).
In the instant case, Plaintiffs have not even alleged their states of residence. Plaintiffs’
10
United States District Court
Northern District of California
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
FAC thus does not present a Johnson problem, but rather a failure under Rule 8 to “contain
sufficient allegations of underlying facts to give fair notice and to enable the opposing party to
defend itself effectively.” Starr v. Baca, 652 F.3d 1202, 1216 (9th Cir. 2011). Without any notice
as to Plaintiffs’ states of residence or which state’s law applies to each of Plaintiffs’ common law
claims, Apple cannot adequately defend itself, nor can the Court assess the sufficiency of
Plaintiffs’ claims. Plaintiffs argue their common law claims only under California law, and appear
to concede that Plaintiffs wish to proceed under California law. See Opp. at 7. In this order, the
Court has dismissed Plaintiffs’ common law claims with leave to amend. If Plaintiffs file an
amended complaint to cure the deficiencies in this order as well as in Apple’s motion to dismiss,
Plaintiffs should also amend their pleading to specify their states of residence and clarify under
which state’s common law Plaintiffs bring their trespass to chattels and unjust enrichment claims.
IV.
CONCLUSION
For the foregoing reasons, the Court GRANTS Apple’s motion to dismiss without
prejudice. Should Plaintiffs elect to file an amended complaint, Plaintiffs shall do so within thirty
days of this Order. Failure to file an amended complaint within 30 days or failure to cure the
deficiencies identified herein or in Apple’s motion to dismiss will result in dismissal with
prejudice. Plaintiffs may not add new causes of action or parties without leave of the Court or
20
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
1
stipulation of the parties pursuant to Federal Rule of Civil Procedure 15.
2
IT IS SO ORDERED.
3
Dated: August 30, 2019
4
5
______________________________________
LUCY H. KOH
United States District Judge
6
7
8
9
10
United States District Court
Northern District of California
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
21
Case No. 19-CV-00712-LHK
ORDER GRANTING WITHOUT PREJUDICE APPLE’S MOTION TO DISMISS
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
