Dunstan et al v. comScore, Inc.
Filing
184
REPLY by Jeff Dunstan, Mike Harris to MOTION by Plaintiffs Jeff Dunstan, Mike Harris to certify class Supplemental Motion for Class Certification 152 (Balabanian, Rafey)
IN THE UNITED STATES DISTRICT COURT
FOR THE NORTHERN DISTRICT OF ILLINOIS, EASTERN DIVISION
MIKE HARRIS and JEFF DUNSTAN,
individually and on behalf of a class of similarly
situated individuals,
)
)
)
)
)
Plaintiffs,
)
)
v.
)
)
COMSCORE, INC., a Delaware corporation,
)
)
)
Defendant.
)
__________________________________________)
Case No. 1:11-5807
Hon. James F. Holderman
Magistrate Judge Kim
PLAINTIFFS’ REPLY IN SUPPORT OF THEIR
SUPPLEMENTAL MOTION FOR CLASS CERTIFICATION
TABLE OF CONTENTS
I. INTRODUCTION....................................................................................................................1
II. ARGUMENT ............................................................................................................................2
A. Consent is a Common Issue to Plaintiffs and the Class That Predominates
Over Any Individual Issues comScore Tries to Invent ...................................................2
1. Consent is a common issue as comScore used uniform dialog boxes and
ULAs. .......................................................................................................................3
2. Assuming any Class member consented to monitoring, the disclosures and
ULA will determine whether permission extended to comScore. .............................6
3. Whether comScore exceeded any consent hinges on OSSProxy’s uniform
design and functionality. ..........................................................................................7
B. The Identification and Ascertainability of Class Members Relies on Objective
Criteria, Thus Supporting Predominance, Superiority, and Typicality. .......................9
C. None of comScore’s Claim-Specific Arguments, Asserted as Barriers to Rule
23(b)(3)’s Requirements, Can Defeat Certification of the Class and Subclass. ......... 11
1. The applicable statutory periods of limitations cannot defeat certification. .........11
2. Merits discovery will demonstrate that the $5,000 CFAA “damage or loss”
floor is met by the aggregated claims of the Class. ...............................................13
3. Any deficiencies in Plaintiffs’ claims for unjust enrichment are best cured
through subclasses, rather than by a denial of certification altogether.................14
4. A majority of courts have found that personal computers—the subject of
this case—are protected facilities under the SCA. .................................................14
5. comScore has already described the available statutory damages as
“meager” in this case, underscoring the superiority of class proceedings. ..........15
III. CONCLUSION .....................................................................................................................15
i
TABLE OF AUTHORITIES
UNITED STATES SUPREME COURT CASES:
Havens Realty Corp. v. Coleman, 455 U.S. 363 (1982) ................................................................12
UNITED STATES CIRCUIT COURT OF APPEALS CASES:
Barnes v. Am. Tobacco Co., 161 F.3d 127 (3d Cir. 1998).............................................................10
Butler v. Sears, Roebuck & Co., 702 F.3d 359 (7th Cir. 2012) .......................................................9
Cameron v. E. M. Adams & Co., 547 F.2d 473 (9th Cir. 1976) ....................................................12
Culver v. City of Milwaukee, 277 F.3d 908 (7th Cir. 2002) ..........................................................14
Deckard v. Gen. Motors Corp., 307 F.3d 556 (7th Cir. 2002) ........................................................7
Equip. Fin., LLC v. Hutchison, 487 F. App’x 25 (3d Cir. 2012) .....................................................6
Gene And Gene LLC v. BioPay LLC, 541 F.3d 318 (5th Cir. 2008) ...............................................3
In re Monumental Life Ins. Co., 365 F.3d 408 (5th Cir. 2004) ......................................................12
Johnson v. Meriter Health Servs. Employee Ret. Plan, 702 F.3d 364 (7th Cir. 2012) ..................14
Marcatante v. City of Chicago, Ill., 657 F.3d 433 (7th Cir. 2011) ..................................................5
Marcus v. BMW of N. Am., LLC, 687 F.3d 583 (3d Cir. 2012) .....................................................10
Murray v. GMAC Mortg. Corp., 434 F.3d 948 (7th Cir. 2006) ......................................................15
Nat’l Prod. Workers Union Ins. Trust v. Cigna Corp., 665 F.3d 897 (7th Cir. 2011).....................4
Stillmock v. Weis Mkts., Inc., 385 F. App’x 267 (4th Cir. 2010) ....................................................15
Suzlon Energy Ltd. v. Microsoft Corp., 671 F.3d 726 (9th Cir. 2011) ............................................5
Theofel v. Farey-Jones, 359 F.3d 1066 (9th Cir. 2004)...................................................................5
United States v. Steiger, 318 F.3d 1039 (11th Cir. 2003) ...............................................................15
United States v. Szymuszkiewicz, 622 F.3d 701 (7th Cir. 2010) ......................................................8
Waste Mgmt. Holdings, Inc., 208 F.3d 288 (1st Cir. 2000) ...........................................................12
ii
Williams v. Sinclair, 529 F.2d 1383 (9th Cir. 1975) ......................................................................12
UNITED STATES DISTRICT COURT CASES:
Boundas v. Abercrombie & Fitch Stores, Inc., 280 F.R.D. 408 (N.D. Ill. 2012) ................9, 10, 11
Brahmana v. Lembo, No. C-09-00106 RMW, 2009 WL 1424438 (N.D. Cal. May 20, 2009) .......8
CE Design v. Beaty Const., Inc., No. 07 C 3340, 2009 WL 192481 (N.D. Ill. Jan. 26, 2009)......10
Chance v. Ave. A, Inc., 165 F. Supp. 2d 1153 (W.D. Wash. 2001) ...............................................15
Cousineau v. Microsoft Corp., No. C11-1438-JCC, dkt. 38 (W.D. Wash. June 22, 2012) ...........15
DirecTV, Inc. v. Schulien, 401 F. Supp. 2d 906 (N.D. Ill. 2005) .....................................................8
Forman v. Data Transfer, Inc., 164 F.R.D. 400 (E.D. Pa. 1995) ....................................................3
G.M. Sign, Inc. v. Brink’s Mfg. Co.,
No. 09 C 5528, 2011 WL 248511 (N.D. Ill. Jan. 25, 2011) .................................................3
In re Apple & AT & TM Antitrust Litig., 596 F. Supp. 2d 1288 (N.D. Cal. 2008) ........................13
In re DoubleClick Inc. Privacy Litig., 154 F. Supp. 2d 497 (S.D.N.Y. 2001)...............................15
In re Intuit Privacy Litig., 138 F. Supp. 2d 1272 (C.D. Cal. 2001) ...............................................15
In re Subpoena To Huawei Techs. Co., 720 F. Supp. 2d 969 (N.D. Ill. 2010) ................................7
In re Toys R US, Inc. Privacy Litig,
No. 00-cv-2746, 2001 WL 34517252 (N.D. Cal. Oct. 9, 2001) ..................................13, 15
Kavu v.Omnipak Corp.¸ 246 F.R.D. 642 (W.D. Wash. 2007) .........................................................3
Kleiner v. First Nat. Bank of Atlanta, 97 F.R.D. 683 (N.D. Ga. 1983) ...........................................4
Lifanda v. Elmhurst Dodge, No. 99C5830, 2001 WL 755189 (N.D. Ill. July 2, 2011) ...................3
Seeger v. AFNI, Inc., No. 05-cv-0714, 2006 WL 2290763 (E.D. Wis. Aug. 9, 2006) ....................4
Shefts v. Petrakis, No. 10-CV-1104, 2011 WL 5930469 (C.D. Ill. Nov. 29, 2011) ........................8
Thompson v. Jiffy Lube Int’l, Inc., 250 F.R.D. 607 (D. Kan. 2008) ...............................................14
STATE COURT CASES:
Caligiuri v. First Colony Life Ins. Co., 742 N.E.2d 750 (Ill. App. Ct. 2000) ..............................6, 7
iii
Knickman v. Midland risk Servs.-Ill., Inc., 700 N.E.2d 458 (Ill. App. Ct. 1998) ........................ 6-7
People v. Bush, 157 Ill. 2d 248, 254, 623 N.E.2d 1361 (1993) .......................................................5
State Farm Fire & Cas. Co. v. Rixecker, 184 Ill. Appl. 3d 506, 540 N.E.2d 436 (1989) ...............6
MISCELLANEOUS:
Manual for Complex Litigation, § 21.222 (4th ed. 2004) ..............................................................10
iv
I. INTRODUCTION
comScore is in a difficult position. On the one hand, to argue that all panelists consented
to its monitoring, Defendant must embrace the underlying uniformity of this case—i.e., the
presentment of form disclosures and User License Agreements (“ULAs”) accompanying every
installation of OSSProxy, and the common design and operations of the software. On the other, if
it’s to have any chance of avoiding class certification, comScore must find ways to downplay the
legal significance of these uniform facts. No surprise, it tries to do just that.
comScore’s opposition brief ignores the uniformity of the Class members’ claims and
exaggerates the relevance of supposed individual issues. But contrary to comScore’s logic,
whether panelists provided consent is an entirely objective inquiry—contractual intent is derived
from the language of the agreement, not from the subjective mindset of the contracting parties.
As a result, rather than depending on what any Class member may have thought about
comScore’s authority to track their computing habits, the provision and scope of consent is the
same for everyone: comScore presented its tracking software—OSSProxy—to each Class
member in the same way, displayed to Class members the same ULAs and the same disclosures
in the process,1 and designed OSSProxy to function in the same manner on their computers. Put
simply, Plaintiffs and each Class member share the same experience when it comes to
comScore’s tracking software—rendering certification appropriate.
comScore’s other arguments fare no better. As established in Plaintiffs’ opening brief:
•
Rule 23 numerosity exists because there have been millions of installations of
OSSProxy onto the computers of consumers nationwide;
•
Rule 23 commonality and typicality exist because Plaintiffs and each Class member
downloaded OSSProxy from one of comScore’s bundling partners, each was
1
Except, of course, for the Subclass, which was not presented with the full ULA at installation.
(Pls. Br. at 3.) This qualification is presumed throughout this brief.
1
presented with a form ULA, each accepted the ULA through the same online process,
and each was subjected to the same “core” tracking software;
•
Adequacy of Representation exists. Neither the Plaintiffs nor Class Counsel has any
interest adverse to the Class. Class Counsel are experienced in class action litigation,
and will continue to vigorously represent the Class members’ interests;
•
Common issues predominate. comScore used uniform disclosures, uniform ULA
terms, a uniform installation process, and designed OSSProxy to perform the same
way on each panelist’s computer. Thus, the case resolves—in a single stroke—the
scope of any consent obtained and whether comScore exceeded that scope; and
•
Class proceedings are superior to the millions of individual suits that would need to
be (but would never be) filed to redress comScore’s unlawful practices.
Though comScore posits in its opposition brief that Plaintiffs’ “claims are not amenable
to class-wide resolution,” it hardly addresses Rule 23. Instead, Defendant argues only that:
•
Commonality and predominance can’t be satisfied because consent “is inherently an
individual, not a common, question”;
•
Individual, not common, questions (mainly focused on consent and the merits of
Plaintiffs’ claims) predominate;
•
Superiority isn’t satisfied because consent and class membership require individual
inquiries, and statutory damages are sufficient to incentivize individual lawsuits; and
•
the Class cannot be ascertained without a person-by-person analysis.
Each of comScore’s attacks fails. First, the form disclosures and ULAs, and identical
design and operation of OSSProxy, ensure that all issues of consent rise and fall on common
questions. Second, the simple question of whether OSSProxy was installed (i.e., it either was or
wasn’t), objectively identifies all Class members. And third, none of comScore’s claim-specific
attacks defeats certification. The Court should certify the Class and Subclass accordingly.
II. ARGUMENT
A. Consent is a Common Issue to Plaintiffs and the Class That Predominates Over
Any Individual Issues comScore Tries to Invent.
comScore primarily argues that Plaintiffs can’t satisfy Rule 23 commonality and
2
predominance because, supposedly, consent is “inherently an individual, not a common,
question.” (Def. Br. at 14.) But comScore neglects key facts—namely, that it used form
disclosures and a form ULA, which comScore presented to every installer of OSSProxy, and that
its software functioned the same way on each Class member’s computer. Ultimately, a merits
analysis will determine whether any Class member consented to (1) OSSProxy’s monitoring, (2)
the transmission of their data to comScore, and (3) the scope of OSSProxy’s data collection.
1. Consent is a common issue as comScore used uniform dialog boxes and ULAs.
comScore argues that determining Class member consent requires individualized
inquiries. Not true. comScore cites a single case for the assertion that “[c]onsent is a classmember-specific inquiry where . . . the defendant submits evidence showing that it elicited
consent from class members.” (Def. Br. at 25 (citing G.M. Sign, Inc. v. Brink’s Mfg. Co., No. 09
C 5528, 2011 WL 248511, at *8 (N.D. Ill. Jan. 25, 2011).) But nothing about G.M. Sign stands
for such a sweeping rule of law. Cf. Lifanda v. Elmhurst Dodge, No. 99-cv-5830, 2001 WL
755189, at *3 (N.D. Ill. July 2, 2011) (collecting cases) (“Courts in this Circuit have repeatedly
held that ‘claims arising out of form contracts are particularly appropriate for class action
treatment.”). Rather, G.M. Sign was decided “on the facts of [the] case” because, there, whether
the defendant had consent to send junk faxes required inquiries into its prior dealings with each
class member, not “generalized proof.” 2011 WL 248511, at *8 (i.e., “whether each . . . [gave]
permission or [had] an established business relationship with the defendant at the pertinent
time.”).2
Consent in this case, by contrast, doesn’t turn on prior dealings with comScore. Whether
2
Likewise, in Gene And Gene LLC v. BioPay LLC—relied upon by G.M. Sign—the Third Circuit
observed that consent can be commonly decided for cases advancing a “theory employing generalized
proof to establish liability.” 541 F.3d 318, 327-28 (5th Cir. 2008) (citing Forman v. Data Transfer, Inc.,
164 F.R.D. 400, 402 (E.D. Pa. 1995); Kavu v.Omnipak Corp., 246 F.R.D. 642, 645 (W.D. Wash. 2007)).
3
any consumer consented to monitoring requires a purely objective analysis of the written
disclosures and/or ULA supposedly presented to every installer of OSSProxy. These written
documents are uniform—both in terms of their content and presentation—and comScore has
offered no other explanation for how one might consent to monitoring (because there isn’t any).
Hence, consent does not turn on individual class members’ “different levels of understanding.”
(See Def. Br. at 15); Nat’l. Prod. Workers Union Ins. Trust v. Cigna Corp., 665 F.3d 897, 901-02
(7th Cir. 2011) (citation omitted) (“[i]n assessing whether contracting parties have mutually
assented to a contract . . . the parties’ subjective intentions are irrelevant”); see also Kleiner v.
First Nat. Bank of Atlanta, 97 F.R.D. 683, 692 (N.D. Ga. 1983) (“When viewed in light of Rule
23, claims arising from interpretations of a form contract appear to present the classic case for
treatment as a class action . . . .”) (collecting cases); Seeger v. AFNI, Inc., No. 05-cv-0714, 2006
WL 2290763, at *4-5 (E.D. Wis. Aug. 9, 2006) (finding adhesion contracts well-suited to class
certification). Thus, if OSSProxy’s actual functionality was not described through the disclosures
and ULA—or if an inaccurate description of its collection practices was used instead—then no
Class member (and, likewise, no “authorized user” installing OSSProxy on behalf of a Class
member (see Def. Br. at 20)), could have consented to monitoring. (See Pls. Br. at 22-23.)
The ULA itself drives this point home. The disclosures and ULA offer two (and only
two) assurances that “confidentially personally identifiable information” (“PII”) would not be
collected. First, that PII will be “filtered.” (See Def. Br. at 4.) Second, that inadvertently
collected PII will be “purged.” (See id.) But as noted earlier, (Pls. Br. at 13-14), and confirmed
by comScore’s opposition, (see Def. Br. at 8-10), and its Rule 30(b)(6) designee—who agreed
that “filtering and fuzzifying are two different things,” (Pls. Br. at 14)—OSSProxy wasn’t
designed to “filter” any PII (it all gets collected, while attempting to “fuzzify” or “obscure”
4
identified PII before transmission to comScore’s servers) or “purge” any inadvertently collected
PII (it is “manually obscured” if comScore employees catch it)—a process that, according to
comScore’s own expert, is “not accurately described” by the term “purged” (Pls. Br. at 15 n.25.)3
Thus, because comScore designed OSSProxy to collect data in a manner contrary to its
ULA’s express provisions (and failed to disclose material aspects of its actual monitoring and
collection practices) any consent arguably provided by panelists is vitiated. See Theofel v. FareyJones, 359 F.3d 1066, 1073 (9th Cir. 2004) (holding that “Section 2701(c)(1) [of the SCA] . . .
provides no refuge for a defendant who procures consent by exploiting a known mistake that
relates to the essential nature of his access”); cf. People v. Bush, 623 N.E.2d 1361, 1364 (Ill.
1993) (“If . . . the defendant gains access to the victim’s residence through trickery and deceit . . .
his entry is unauthorized and the consent given vitiated because the true purpose for the entry
exceeded the limited authorization granted.”). Whether the Court agrees with Plaintiffs’
interpretation will be a key merits determination. For now, it suffices that the answer turns on
these form documents and is common to the entire Class.
Finally, the outcome remains the same regardless of whether consent is evaluated under
an express written or implied-in-fact4 theory. comScore suggests that “if . . . [the] ULA is
unenforceable . . . [then] no evidence showing generalized consent or a lack thereof would be
available to the Court.” (Def. Br. at 19.) But this overlooks that because either approach will turn
3
At this point, these distinctions—i.e., the design of OSSProxy to neither filter nor purge PII—
have been conceded by comScore. Both were a focus of Plaintiffs’ opening brief (see Pls. Br. at 13-16),
but went unaddressed by comScore’s opposition. That concession is not all that surprising, given
comScore’s own selected terms (i.e., “filter” and “purge”) and the deposition testimony of its witnesses.
4
Of course, the uniform presentation and substance of these written documents show that no Class
member could have impliedly consented to comScore’s conduct. See Suzlon Energy Ltd. v. Microsoft
Corp., 671 F.3d 726, 731 (9th Cir. 2011) (no implied consent to disclose plaintiff’s records under ECPA
where plaintiff relied upon Hotmail’s written terms of service); see also Marcatante v. City of Chicago,
Ill., 657 F.3d 433, 440 (7th Cir. 2011) (citation omitted) (implied contracts “consist[] of obligations
arising from an agreement where an agreement has not been expressed in words”).
5
on the same “facts and circumstances” of OSSProxy’s download and installation (i.e., the
uniform contents and presentation of the disclosures and ULA), the resulting analysis remains
objective and uniform. See, e.g., Equip. Fin., LLC v. Hutchison, 487 F. App’x. 25, 28 (3d Cir.
2012) (citation omitted) (“stating that the existence and nature of an implied-in-fact contract is
determined by the parties’ ‘outward and objective manifestations of assent, as opposed to their
undisclosed and subjective intentions.’”). Moreover, because comScore had reason to know that
no panelist could have expressly consented to its wholly undisclosed data collection practices,
see supra § I.A.1, it cannot have “reasonably believed [it nevertheless] had some kind of implied
consent.” See State Farm Fire & Cas. Co. v. Rixecker, 540 N.E.2d 436, 438 (Ill. App. Ct. 1989).
As such, comScore cannot avoid the objective analysis accompanying all issues of consent
surrounding the download and installation of OSSProxy.
In time, comScore must contend with these form descriptions of OSSProxy’s operation.
Presently, it matters that the same documents were presented in the same way to potential
panelists, thus permitting an objective analysis of Class members’ consent (or lack thereof).
2. Assuming any Class member consented to monitoring, the disclosures and ULA
will determine whether permission extended to comScore.
With respect to the ULAs’ silence about comScore’s role, comScore insists that whether it
had any rights to enforce the ULA “is a complete red herring.” (Def. Br. at 15.) Defendant
reasons that a party that isn’t even mentioned in an agreement but purports to obtain customer
consent can enforce the agreement—because all that matters is that “[t]he ULA tells users about
the monitoring that will take place.” (Id.) Failing that, comScore asks the Court to presume that
its subsidiary companies (i.e., each ULA’s “sponsor”) were acting as its agents. (Id. (citing
Caligiuri v. First Colony Life Ins. Co., 742 N.E.2d 750, 756 (Ill. App. Ct. 2000).) 5
5
On this point, comScore seeks support from Knickman v. Midland risk Servs.-Ill., Inc., 700
6
Putative Class members never consented to the monitoring of their every online move
without caring who was watching. That point aside, the ULA expressly states that it’s between a
sponsoring corporation (never comScore) and an end user and that it creates no third party rights
(Pls. Br. at 10.) Thus, comScore’s rights (if any) as a party to the ULA is a common question of
fact. See Deckard v. Gen. Motors Corp., 307 F.3d 556, 561 (7th Cir. 2002). Further, it is a factual
question as to whether subsidiary companies (e.g., TMRG, Inc. or VoiceFive, Inc.) were acting as
agents—a question that comScore has not offered any evidence on—thus posing more questions
common to the Class. Caligiuri, 742 N.E.2d at 756. (“[U]nder both federal and Illinois law, the
existence and scope of an agency relationship are questions of fact.”); see also In re Subpoena
To Huawei Techs. Co., 720 F. Supp. 2d 969, 973 (N.D. Ill. 2010) (“the subsidiary-parent
relationship is insufficient, standing alone, to create the requisite agency relationship.”).
In any event, these questions are common and additionally determinative of comScore’s
liability. If comScore has no rights under the disclosures or ULA, then it will be hard-pressed to
show that Class members nevertheless consented to comScore’s monitoring.
3. Whether comScore exceeded any consent hinges on OSSProxy’s uniform design
and functionality.
comScore also asserts that “the question of whether comScore exceeded [any consent
given] is fraught with individualized questions,” because, essentially, every Class member uses
his computer differently. (Def. Br. at 21.) This gambit, however, overlooks several key points.
First, comScore’s “scope” inquiry isn’t even implicated until the two threshold questions
above are answered—i.e., whether any Class member consented to monitoring at all or by
comScore in particular. As these are merits questions, no “scope” argument bars certification.
N.E.2d 458, 461-62 (Ill. App. Ct. 1998). But Knickman is totally off-point. There, the Court discussed its
unsurprising inability to “find a case where the same entity,” there, a parent company, “has been held
liable on a contract for its breach [as a party to the contract] and also liable for the tort of interfering with
the contract [as a non-party to the contract].” Id. at 462.
7
Second, it is undisputed that OSSProxy was commonly designed to monitor for and
attempt to access (or intercept, etc.)6 the same information from every panelist. (See Pls. Br. at
12-13.) comScore’s liability under either the SCA or ECPA does not turn on whether such
information was in fact accessed or intercepted. Rather, the operative (and common) questions
are (1) for the SCA, whether comScore “put [itself] ‘in position to acquire the contents of’”
communications without authorization, see Shefts v. Petrakis, No. 10-CV-1104, 2011 WL
5930469, at *4-5 (C.D. Ill. Nov. 29, 2011) (finding “that it is not required that a defendant open
or read a communication in order to be in violation of § 2701”); and (2) for the ECPA, whether
comScore “endeavor[ed] to intercept . . . any wire, oral, or electronic communication,” 18 U.S.C.
§ 2511(1)(a); DirecTV, Inc. v. Schulien, 401 F. Supp. 2d 906, 912 (N.D. Ill. 2005) (“[Plaintiff]
can recover from the defendant under the ECPA if it can establish that defendant . . . endeavored
to intercept . . . the contents of its electronic communications[.]”).
Third, there is no dispute that certain information (such as the names of certain files
residing on computers) was collected from everyone. (See, e.g., Def. Br. at 7-8.) If such
collection goes beyond the scope of comScore’s limited authorization (i.e., on a merits analysis),
then liability follows with respect to every Class member.
Finally, even if comScore’s liability turns on the actual receipt of specific information
(such as, for example, PII related to online credit card transactions or iTunes/smartphone usage),
common questions of liability can still be answered even if decertification as to specific Class
6
In one sentence, comScore tells the Court (in a play to suggest that its actions avoid the ECPA’s
purview) that its software does not “intercept” communications between a panelist’s computer and third
parties. (Def. Br. at 7.) Of course, whether OSSProxy does “intercept” communications is a merits issue,
but it’s worth noting that courts considering this point have endorsed a broad reading of what it means to
“intercept” data under the ECPA. See, e.g., United States v. Szymuszkiewicz, 622 F.3d 701, 706 (7th Cir.
2010) (holding that under the ECPA the capture of data need not be “contemporaneous” with its
transmission to constitute an interception); Brahmana v. Lembo, No. C 09-00106 RMW, 2009 WL
1424438, at *3 (N.D. Cal. May 20, 2009) (an ECPA interception lies where software secretly records and
transmits key strokes).
8
members becomes necessary. See Butler v. Sears, Roebuck & Co., 702 F.3d 359, 362 (7th Cir.
2012) (noting that “[i]f necessary a determination of liability [on a class-wide basis] could be
followed by individual hearings . . . [especially where] the stakes in an individual case would be
too small to justify the expense of suing”). Here, claim forms could identify Class members with
valid claims—by requiring a member to attest, for example, that he made an online purchase
using a credit card or used iTunes to back up his smartphone after OSSProxy was installed.
In the end, the common facts of this case show that all questions of consent are
answerable on an objective basis for all Class members. The Class should be certified.
B. The Identification and Ascertainability of Class Members Relies on Objective
Criteria, Thus Supporting Predominance, Superiority, and Typicality.
Next, comScore contends that identifying Class members “swamps any common
questions in this case,” and precludes certification. (Def. Br. at 18.) In sum, while comScore
admits that it has a partial list of Class members, (id. at 27; see also Pls. Br. at 19 n. 27), it claims
that this case will require individual “determination[s] by a jury” to identify each Class member,
including Harris, who steps forward and for which comScore has no corroborating records. (Id.
at 18.) Such criticisms, however, miss the mark.
First, comScore’s position incorrectly presumes that the identity of all Class members
must be ascertained before class certification. A year ago, this exact issue was considered in
Boundas v. Abercrombie & Fitch Stores, Inc., 280 F.R.D. 408 (N.D. Ill. 2012). There, the
plaintiffs sought certification of a class that received “promotional gift cards [that were later]
voided . . . despite having credit remaining[.]” Id. at 411. The proposed class included both
individuals who currently held a gift card and those who had thrown one away, only a “small
proportion of [which could be] identified by [the defendant’s records.]” Id. at 417. In response to
defendant’s challenge (mirroring comScore’s in this case), Judge Feinerman explained:
9
It is enough that the class be ascertainable. The class in this case consists
primarily of individuals holding an Abercrombie promotional gift card whose
value was voided on or around January 30, 2010. That criterion is as objective as
they come. The class also includes individuals who threw away their cards
because they were told that the balances had been voided. That criterion is not as
objective as actually holding a physical card, but anybody claiming class
membership on that basis will be required to submit an appropriate affidavit,
which can be evaluated during the claims administration process. . . .
Id. at 417-18 (citing Manual for Complex Litigation § 21.222, at 270 (4th ed. 2004) (class
definition “must be precise, objective, and presently ascertainable”)).
The same reasoning applies here. Because ascertaining Class members relies on objective
criteria (each either had OSSProxy installed or they didn’t) ascertainability is satisfied. 7 See CE
Design v. Beaty Const., Inc., No. 07 C 3340, 2009 WL 192481, at *3-4 (N.D. Ill. Jan. 26, 2009)
(“A class is identifiable if its members can be ascertained by reference to objective criteria,”
including a “defendant’s conduct,” such as receiving an unsolicited fax). In fact, the complexity
of ascertaining Class members here is benign compared to Boundas. There, class members who
had thrown away their cards would have to swear (through an “affidavit procedure,” like that
anticipated by comScore (see Def. Br. at 18)) not just that they had possessed a gift card, but that
the card (i) had value on it when thrown away and (ii) was discarded in reliance upon the
defendant’s representations that it had expired. See Boundas, 280 F.R.D. at 417. Here, presently
unidentified Class members (i.e., those not appearing in comScore’s records) can simply swear
that OSSProxy was installed on their computers during the relevant time period. Finally,
affidavits from Class members, like those in Boundas, “can be evaluated during the claims
administration process” if Plaintiffs prevail at trial to address any remaining concerns. See id.
As for Harris, comScore’s contention that “[i]t is . . . unlikely . . . that Harris actually
7
These simple inquiries distinguish the Class definition from those in the Third Circuit cases cited
by comScore, which involved far less objective criteria, including whether a given individual was (1)
addicted to nicotine, Barnes v. Am. Tobacco Co., 161 F.3d 127, 134 (3d Cir. 1998), or (2) had a particular
tire go flat for a specific reason, Marcus v. BMW of N. Am., LLC, 687 F.3d 583, 603-04 (3d Cir. 2012).
10
downloaded comScore software” is not a serious challenge to the typicality of his claims. (See
Def. Br. at 18.)8 First, Harris testified that he downloaded OSSProxy along with a free
screensaver from the macupdate.com website in March of 2010. (See Dep. Tr. of Mike Harris
(“Harris Tr.”) at 82:5-11, excerpts of which are attached as Ex. A to the Thomassen Decl.).
Second, documents were produced to comScore—materials posted online by Harris minutes after
he downloaded and unwittingly installed OSSProxy—that describe in detail his own experiences
with the software.9 (See Thomassen Decl. at 3-4; see also Harris Tr. at 68:9-71:18, 74:20-25.)
Finally, it is a non-issue that Harris’s macupdate.com account “shows no records of any
downloads” because the macupdate.com site does not require (and did not require) users to “log
in” to their website accounts to download software. (Thomassen Decl. at ¶¶ 5-8.) While
comScore says it has no record of Harris in its system, the substantial and compelling evidence
corroborating his claims shows they are typical of the Class and Subclass.
C. None of comScore’s Claim-Specific Arguments, Asserted as Barriers to Rule
23(b)(3)’s Requirements, Can Defeat Certification of the Class and Subclass.
comScore also attacks Plaintiffs’ ability to certify specific claims. Its arguments fall apart.
1. The applicable statutory periods of limitation cannot defeat certification.
comScore contends that individual inquiries are required to determine whether any Class
8
Without challenging the typicality of Dunstan’s claims, comScore repeatedly suggests that his
wife downloaded the software. (See Def. Br. at 2, 11-12, 20, 29.) comScore tried to subpoena Dunstan’s
wife for deposition and threatened to subpoena Dunstan’s employer for documents. (See Pls. Br. at 26, n.
29.) But comScore abandoned its deposition of Dunstan’s wife and threat to subpoena his employers, so
it’s strange (not to mention improper) that it tries to raise the issue again. Plaintiffs’ counsel explained
that, at the time the software was downloaded, (1) Dunstan was not working and likely at home with
access to his computer, and (2) his wife was at work and had no access to Dunstan’s computer.
(Thomassen Decl. at ¶¶ 9-15.) In any event, even if Dunstan’s wife did download the software (an
apparent impossibility), its irrelevant as explained supra, Section I.A.1.
9
This issue is worth pausing on. comScore devotes significant time pointing out that neither
Dunstan nor Harris specifically remember installing OSSProxy. (Def. Br. at 28-29.) But that fact is
entirely consistent with Plaintiffs’ theory of the case—i.e., that the installation process for the bundled
version of OSSProxy is designed to conceal the fact that comScore’s software is being installed (Pls. Br.
at 5-10))—and supports the typicality of their claims.
11
member’s claim is time-barred for each of the asserted claims, subject to any relevant discovery
tolling rules. (Def. Br. at 21-22.) This argument—which is applicable to almost every claim
asserted on a class-wide basis—is not a bar to certification.
First, comScore cannot contest that individuals like the named Plaintiffs who installed
OSSProxy within two years before this case was filed are within any two-year period. (See Def.
Br. at 21 n.13.) comScore has no defense against these millions of individuals. (Pls. Br. at 20.)
Second, because comScore’s monitoring and collection practices were (and are) ongoing,
those Class members with OSSProxy still installed on their computers undoubtedly are within
any limitations period. See Havens Realty Corp. v. Coleman, 455 U.S. 363, 380 (1982).
Third, discovery demonstrates that the statutory periods were tolled for every Class
member until the filing of the complaint. Here, only discovery and expert analysis revealed that
the ULA’s and disclosures’ material promises (e.g., those relating to “filtering” and “purging”
PII) were never implemented by comScore in the first place. See supra, § I.A.1. Unless a given
Class member both reverse-engineered OSSProxy and managed to, somehow, glean information
from comScore’s technical staff regarding its post-collection practices, it’s highly unlikely that
anyone “knew or should have known” of a claim. (See Def. Br. at 21.)
Finally, courts have overwhelmingly held that individual statute of limitation defenses
present no barrier to certification “[g]iven a sufficient nucleus of common questions.” Cameron
v. E. M. Adams & Co., 547 F.2d 473, 478 (9th Cir. 1976) (quoting Williams v. Sinclair, 529 F.2d
1383, 1388 (9th Cir. 1975)); see also In re Monumental Life Ins. Co., 365 F.3d 408, 420-21 (5th
Cir. 2004) (citing Waste Mgmt. Holdings, Inc., 208 F.3d 288, 296 (1st Cir. 2000)) (“To hold that
each class member must be deposed as to precisely when, if at all, he learned of defendants’
practices would be tantamount to adopting a per se rule that civil rights cases involving
12
deception or concealment cannot be certified outside a two- or three-year period”).
Accordingly, comScore’s statute of limitations defense cannot defeat certification for any
individual Class members’ claim, much less prevent certification altogether.
2. Merits discovery will demonstrate that the $5,000 CFAA “damage or loss” floor
is met by the aggregated claims of the Class.
Perhaps trying to bootstrap previously overlooked Rule 12 arguments into its opposition,
comScore suggests that the millions of putative Class members cannot aggregate their claims to
reach the $5,000 “damage or loss” floor required by the CFAA, or that “plaintiffs have failed to
state any facts that could support a finding of economic loss.” (Def. Br. at 22-23.) But on the
issue of aggregation, courts routinely find that damages can be aggregated to reach the CFAA’s
$5,000 minimum. Thus, comScore’s argument (ill suited at the class certification stage) falters on
merits-based grounds anyway—yet is answerable on a class-wide basis. See, e.g., In re Toys R
US, Inc. Privacy Litig, No. 00-cv-2746, 2001 WL 34517252, *11 (N.D. Cal. Oct. 9, 2001); In re
Apple & AT & TM Antitrust Litig., 596 F. Supp. 2d 1288, 1308 (N.D. Cal. 2008). As for the
CFAA’s $5,000 floor, comScore runs ahead of the facts available to the Plaintiffs. Only after the
consumer complaints received by comScore are discoverable10 will Plaintiffs be able to
determine whether Class-wide losses, resulting from OSSProxy’s installation and operation, meet
the CFAA’s floor (e.g., presumably other Class members—like Dunstan, out of the millions
affected by comScore’s conduct—purchased software to remove OSSProxy and complained
about the same). This information, in turn, will answer whether comScore’s “conduct has caused
a loss to one or more persons . . . aggregating at least $5,000 in value in real economic damages.”
10
Although comScore initially agreed to produce these consumer complaints (Dkt. 67 at 11
(comScore agreeing that “[c]omplaints from Panelists about the issues raised in the Complaint” were
“appropriate for the initial phase of class discovery”)), it reneged on that promise (Dkt. 108 at 3
(“discovery requests regarding panelist complaints are irrelevant to the issue of class certification”)), and
Judge Kim ultimately denied Plaintiffs’ Motion to Compel production of those documents. (Dkt. 112.)
13
(Second Am. Compl. at ¶ 107 (Dkt. 161-1).) At this juncture, it suffices that every remaining
issue relating to Plaintiffs’ CFAA claim is merits-based and determinable on a class-wide basis.
3. Any deficiencies in Plaintiffs’ claims for unjust enrichment are best cured through
subclasses, rather than by a denial of certification altogether.
comScore rails against certification of the unjust enrichment claim. First, it asserts that
“federal courts have generally refused to certify a nationwide class based upon a theory of unjust
enrichment,” (Def. Br. at 25 (quoting Thompson v. Jiffy Lube Int’l, Inc., 250 F.R.D. 607, 626 (D.
Kan. 2008)), and second that “comScore did not receive any benefit” from anyone who was not
“a panelist for more than 30 days,” (id.). Neither argument defeats certification.
As an initial matter, two subclasses (e.g., under California and Illinois law) could be
certified. That practice is the clear preference of the Seventh Circuit, in lieu of refusing to certify
on the grounds of an overly broad class definition. See Johnson v. Meriter Health Servs. Emp.
Ret. Plan, 702 F.3d 364, 368 (7th Cir. 2012) (quoting Culver v. City of Milwaukee, 277 F.3d 908,
912 (7th Cir. 2002)) (“[T]he fact that a class is overbroad and should be divided into subclasses
is not in itself a reason for refusing to certify the case as a class action.”).
Second, comScore’s contention that it realizes no benefit from those Class members who
are panelists for less than 30 days is another clear merits issue. For one, even assuming that
comScore does not use “new” panelist data in its market reports, it benefits from such data
nonetheless—by way of refinement of its various algorithms, for example—thus meeting any
common law requirements for Plaintiffs’ unjust enrichment claim. Further, because those class
members affected meet specific, objective criteria (i.e., those who had OSSProxy installed for
less-than 30 days), any tension can be resolved by the creation of a subclass, rather than an
outright refusal to certify. See Johnson, 702 F.3d at 368.
Thus, comScore’s arguments do not preclude certification of the unjust enrichment claim.
14
4. A majority of courts have found that personal computers—the subject of this
case—are protected facilities under the SCA.
Next, comScore attempts to slip another Rule 12 argument under the radar, essentially
asserting that Plaintiffs cannot state a claim under the SCA because “[a] computer or device
belonging to an end-user of an ECS is not [a facility under the SCA].” (Def. Br. at 26 (citing
United States v. Steiger, 318 F.3d 1039, 1049 (11th Cir. 2003).) Not only is this a common
question for the entire class—all of whom downloaded comScore’s software to their personal
computers—but a host of federal courts disagree with comScore’s position. See, e.g., Chance v.
Ave. A, Inc., 165 F. Supp. 2d 1153, 1161 (W.D. Wash. 2001); In re Toys R Us, 2001 WL
34517252, at *2 n.7; In re Intuit Privacy Litig., 138 F. Supp. 2d 1272, 1275 n.3 (C.D. Cal. 2001);
accord In re DoubleClick Inc. Privacy Litig., 154 F. Supp. 2d 497, 509 (S.D.N.Y. 2001);
Cousineau v. Microsoft Corp., No. C11-1438-JCC, Dkt. 38 at 10-13 (W.D. Wash. June 22,
2012). Accordingly, comScore’s challenge cannot prevent certification.
5. comScore has already described the available statutory damages as “meager” in
this case, underscoring the superiority of class proceedings.
Finally, comScore suggests that the “significant” statutory remedies available to
individual class members make individual suits preferable. (Def. Br. at 28.) That argument is a
non-starter and would “make consumer class actions impossible.” See Murray v. GMAC Mortg.
Corp., 434 F.3d 948, 952 (7th Cir. 2006); see also Stillmock v. Weis Mkts., Inc., 385 F. App’x
267, 274 (4th Cir. 2010). Besides, comScore has already stated that “if class certification is
denied, Plaintiffs will settle or voluntarily withdraw their complaint because the statutory
damages at issue . . . are meager” and “are likely an insufficient motivation to litigate in the
absence of class certification.” (Dkt. 88 at 4, 8.) comScore cannot opportunistically change
positions as it sees fit. Here, certification is appropriate and preferable.
15
III.
CONCLUSION
For all these reasons, Plaintiffs’ Motion for Class Certification should be granted.
Dated: March 19, 2013
Respectfully submitted,
MIKE HARRIS AND JEFF DUNSTAN,
INDIVIDUALLY AND ON BEHALF OF A CLASS OF
SIMILARLY SITUATED INDIVIDUALS,
By: /s/ Rafey S. Balabanian
One of Plaintiffs’ Attorneys
Jay Edelson
Rafey S. Balabanian
Ari J. Scharg
Chandler Givens
Benjamin S. Thomassen
EDELSON LLC
350 North LaSalle, Suite 1300
Chicago, Illinois 60654
Telephone: (312) 589-6370
jedelson@edelson.com
rbalabanian@edelson.com
ascharg@edelson.com
cgivens@edelson.com
bthomassen@edelson.com
16
CERTIFICATE OF SERVICE
I, Rafey S. Balabanian, an attorney, certify that on March 19, 2013, I served the above
and foregoing Plaintiffs’ Reply Memorandum in Support of Their Supplemental Motion for
Class Certification, by causing true and accurate copies of such paper to be filed and transmitted
to all counsel of record via the Court’s CM/ECF electronic filing system, and further by causing
true and accurate copies of such paper to be transmitted to all counsel of record via electronic
mail, all on this 19th day of March 2013.
/s/ Rafey S. Balabanian
17
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?