Dunstan et al v. comScore, Inc.
Filing 186
MEMORANDUM Opinion and Order. Plaintiffs' motion for class certification 152 is granted in part and denied in part. The court hereby certifies the following Class and Subclass for purposes of resolving plaintiffs' SCA, ECPA, and CFAA claims: Class: All individuals who have had, at any time since 2005, downloaded and installed comScore's tracking software onto their computers via one of comScore's third party bundling partners. Subclass: All Class members not presented with a functional hyperlink to an end user license agreement before installing comScore's software onto their computers. The court denies class certification for purposes of resolving the plaintiffs' common law unjust enrichment claims. A status hearing is set for 4/18/13 at 9:00 am to set further dates. Signed by the Honorable James F. Holderman on 4/2/2013: Notice mailed by judge's staff (ntf, )
IN THE UNITED STATES DISTRICT COURT
FOR THE NORTHERN DISTRICT OF ILLINOIS
EASTERN DIVISION
MIKE HARRIS and JEFF DUNSTAN,
Plaintiffs,
v.
COMSCORE, INC.,
Defendant.
No. 11 C 5807
MEMORANDUM OPINION AND ORDER
JAMES F. HOLDERMAN, Chief Judge:
In their Second Amended Complaint, plaintiffs Mike Harris and Jeff Dunstan allege, as
individuals and on behalf of a class of similarly situated individuals, that comScore, Inc.
(“comScore”) improperly obtained and used personal information from their computers after they
downloaded and installed comScore’s software. (Dkt. No. 169.) They assert violations of the
Stored Communications Act (“SCA”), 18 U.S.C. § 2701(a)(1), (2) (Count I), the Electronic
Communications Privacy Act (“ECPA”), 18 U.S.C. § 2511(1)(a), (d) (Count II), and the Computer
Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030(a)(2)(C) (Count III). They also assert a claim
for common law unjust enrichment (Count IV). Currently pending before the court is plaintiffs’
motion for class certification (Dkt. No. 152), which requests that the court certify the following
class and subclass:
Class: All individuals who have had, at any time since 2005, downloaded and
installed comScore’s tracking software onto their computers via one of comScore’s
third party bundling partners.
Subclass: All Class members not presented with a functional hyperlink to an end
user license agreement before installing comScore’s software onto their computers.
For the reasons explained below, that motion is granted in part and denied in part.
BACKGROUND 1
Defendant comScore, Inc. collects data about the activities of consumers on the internet,
analyzes the data, and sells it to its clients. (Dkt. No. 140, at 2.) ComScore gathers its data through
a program called OSSProxy, which, if installed on a computer, constantly collects data about the
activity on the computer and sends it back to comScore’s servers. (Dkt. No. 155, Ex. C, at 3-6.)
The OSSProxy software collects a variety of information about a consumer’s computer, including
the names of every file on the computer, information entered into a web browser, including
passwords and other confidential information, and the contents of PDF files. (Id.) ComScore has
been using OSSProxy in its current form, aside from immaterial variations, since 2005. (See Dkt.
No. 155, Ex. A, at 194:8-195:16 (explaining that in 2005 comScore stopped routing the
information from the consumers’ computers through proxy servers).)
One primary way that comScore distributes OSSProxy is through cooperation with
“bundlers” who provide free digital products to consumers on the internet. (Dkt. No. 155, Ex. D, at
6.) During the process of downloading the bundlers’ free software, the consumer has the
opportunity to download OSSProxy. (See id.) The process by which OSSProxy is presented to the
consumer is “materially identical,” regardless of which bundler provides the digital product the
consumer is downloading. (Id.) Specifically, during the installation of the free digital product, the
consumer is presented with a short statement (“the Downloading Statement”) regarding OSSProxy
under one of several brand names, including “RelevantKnowledge, PremierOpinion,
PermissionResearch, OpinionSquare, and MarketScore.” (Id. at 9-10; Dkt. No. 180 ¶ 34.) A
[Footnote 1: The parties do not dispute the key facts relevant to the class certification motion, nor do
they request an evidentiary hearing. The court therefore determines that an evidentiary hearing is
unnecessary. See Fed. R. Civ. P. 43(c).]
representative Downloading Statement reads as follows:
In order to provide this free download, RelevantKnowledge software, provided by
TMRG, Inc., a comScore, Inc. company, is included in this download. This
software allows millions of participants in an online market research community to
voice their opinions by allowing their online browsing and purchasing behavior to
be monitored, collected, aggregated, and once anonymized, used to generate
market reports which our clients use to understand Internet trends and patterns and
other market research purposes. The information which is monitored and collected
includes internet usage information, basic demographic information, certain
hardware, software, computer configuration and application usage information
about the computer on which you install RelevantKnowledge. We may use the
information that we monitor, such as name and address, to better understand your
household demographics; for example, we may combine the information that you
provide us with additional information from consumer data brokers and other data
sources in accordance with our privacy policy. We make commercially viable
efforts to automatically filter confidential personally identifiable information and
to purge our databases of such information about our panelists when inadvertently
collected. By clicking Accept you acknowledge that you are 18 years of age or
older, an authorized user of the computer on which you are installing this
application, and that you have read, agreed to, and have obtained the consent of all
computer and TV users to the terms and conditions of the Privacy Statement and
User License Agreement.
(Id. at 10.) In general, underneath that message, the consumer is offered a link to the “Privacy
Statement and User License Agreement” (the “ULA”) 2 and two boxes reading “Accept” and
“Decline.” (Id.) The consumer must check either “Accept” or “Decline” before he may click
“Next” to proceed with downloading the free digital product. (Id.) OSSProxy will download and
install on the consumer’s computer only if the consumer checks “Accept.” (Id.) The free digital
product will download and install regardless of which box the consumer checks, although that fact
is not apparent to the consumer. (Id.)
The ULA, which is materially identical regardless of which bundler provides the digital
[Footnote 2: One of comScore’s partners offering the free digital products failed to offer a link to the
ULA for a short period of time. Consumers who downloaded that product are part of the proposed
Subclass, which includes all downloaders of comScore’s tracking software who were not
presented with a functional hyperlink to the ULA.]
product the consumer is downloading, contains terms governing which information OSSProxy
will collect from the consumer’s computer and how that information will be used. (Dkt. No. 155,
Ex. A, at 127:10-12; 134:6-18.) Significantly, the ULA indicates that it is an agreement between
the consumer and a “sponsor”—usually another company connected in some way with
comScore—but, in most cases, also states that comScore will use the information collected. (See
Dkt. No. 155, Ex. I, at 1, 6.) The plaintiffs allege that comScore has exceeded the scope of the
consumer’s consent to monitoring in the ULA by, among other things:
• designing its software to merely “fuzzify” or “obscure” confidential information
collected, rather than “mak[ing] commercially viable efforts to automatically filter”
that information (Dkt. No. 154, at 13-14);
• failing to “make commercially viable efforts to purge” confidential information
that it does collect from its database (Dkt. No. 154, at 15-16);
• intercepting phone numbers, social security numbers, user names, passwords, bank
account numbers, credit card numbers, and other demographic information (Dkt.
No. 155, Ex. C, at 2-6);
• intercepting the previous 25 websites accessed by a consumer before installation of
comScore’s software, the names of every file on the consumer’s computer, the
contents of iPod playlists on the computer, the web browsing history of
smartphones synced with the computer, and portions of every PDF viewed by the
user during web browsing sessions (Id.);
• selling the data collected from the consumer’s computer (Dkt. No. 154, at 24.)
(See also Dkt. No. 169 ¶¶ 35-63.)
Named plaintiffs Jeff Dunstan and Mike Harris each downloaded and installed OSSProxy
onto their computers after downloading a free digital product offered by one of comScore’s
bundlers. (Dkt. No. 155, Ex. P, No. 1; Dkt. No. 155, Ex. Q, No. 1.) Harris downloaded OSSProxy
on March 9, 2010, immediately noticed it, and tried to remove it. (Dkt. No. 176, Ex. P, at 83:14-16;
98:18-99:15; 103:24-104:10.) Harris asserts that he downloaded OSSProxy from the website
macupdate.com. (Dkt. No. 176, Ex. P, at 71:15-18.) Harris’s profile on that website indicates that
he never downloaded any programs (Dkt. No. 176, Ex. Q (listing the number of downloads as
zero)), but he may have downloaded the program without logging into his account (See Dkt. No.
185 ¶¶ 5-8). Harris no longer has the computer he used to download the OSSProxy software. (Dkt.
No. 176, Ex. P, at 43:19-44:4.)
Dunstan downloaded comScore’s OSSProxy software in September of 2010. (Dkt. No.
176, Ex. S, No. 6.) Dunstan alleges that OSSProxy caused his computer to lock up and interfered
with his internet access. (Id.) Dunstan used a program called “PC Tools Spyware Doctor” to
remove OSSProxy within about one day of downloading it. (Id.; Dkt. No. 176, Ex. T, No. 6.)
Dunstan’s computer may have been infected by viruses at the time that he downloaded OSSProxy,
which may also have contributed to his computer problems. (See Dkt. No. 176, Ex. U.) Dunstan’s
wife had access to his computer at the time of the download, and may have been the one who
initiated the download. (Dkt. No. 176, Ex. V., at 26:7-18.)
LEGAL STANDARD
The plaintiffs bear the burden of demonstrating that class certification is appropriate.
Oshana v. Coca-Cola Co., 472 F.3d 506, 513 (7th Cir. 2006). Class certification under Rule 23
involves two steps. First, the plaintiff’s claim must satisfy the numerosity, commonality,
typicality, and adequacy of representation requirements of Rule 23(a). Id. In addition to the four
explicit requirements listed in Rule 23(a), during the first step “[t]he plaintiff must also show that
the class is indeed identifiable as a class,” a requirement known as the “ascertainability”
requirement. Id. At the second step, the claim must meet one of the conditions of Rule 23(b). Id.
Here, the plaintiffs are proceeding under Rule 23(b)(3), which provides that a class action may be
maintained if “the court finds that the questions of law or fact common to class members
predominate over any questions affecting only individual members, and that a class action is
superior to other available methods for fairly and efficiently adjudicating the controversy.” Fed. R.
Civ. P. 23(b)(3).
ANALYSIS
For the reasons explained below, the court determines that the plaintiffs’ proposed Class
and Subclass cannot be certified with respect to the plaintiffs’ claims for state law unjust
enrichment. See Fed. R. Civ. P. 23(c)(4) (allowing the court to certify a class action with respect to
only particular issues). Specifically, the unjust enrichment claims do not satisfy the requirement of
Rule 23(b)(3) that a class action be superior to other available methods for fairly and efficiently
adjudicating the controversy. 3 The court will first explain why the common law unjust enrichment
claims cannot be certified, before explaining why the remaining claims can be certified for class
treatment.
I. Unjust Enrichment
As many courts in this district have recognized, unjust enrichment claims are generally
unsuitable for class actions because they “pose insurmountable choice-of-law problems.” In re
Aqua Dots Prods. Liab. Litig., 270 F.R.D. 377, 386 (N.D. Ill. 2010) (Coar, J.). The cause of those
problems is that “the law of unjust enrichment varies too much from state to state to be amenable to
national or even to multistate class treatment.” Id.; see also Vulcan Golf, LLC v. Google Inc., 254
F.R.D. 521, 533 (N.D. Ill. 2008) (Manning, J.) (collecting cases). As a result, “federal courts have
generally refused to certify a nationwide class based upon a theory of unjust enrichment.”
[Footnote 3: The plaintiffs do not contend that the class should be certified under one of the other
provisions of Rule 23(b), so the court need not address them.]
Thompson v. Jiffy Lube Int’l, Inc., 250 F.R.D. 607, 626 (D. Kan. 2008).
The choice-of-law problem is present here, because the proposed Class and Subclass are
not limited by geography and likely include plaintiffs from all 50 states, and even some foreign
countries. The plaintiffs propose no solution to allow the court to manage the variety of laws that
may be applicable to the Class, other than to suggest that the court certify two subclasses under
California and Illinois law. (Dkt. No. 184, at 19.) That solution is plainly inadequate in light of the
geographical diversity of the plaintiffs and the variation in applicable law. Accordingly, the court
determines that the plaintiffs have not met their burden of establishing that a class action is the
superior method for fairly and efficiently adjudicating this controversy. See Fed. R. Civ. P.
23(b)(3). The court therefore denies the class certification motion with respect to the unjust
enrichment claims.
II. Certification of the Federal Statutory Claims
Each of the other three claims alleged in Counts I, II, and III of plaintiffs’ Second Amended
Complaint relies on federal statutes that provide protection against the unauthorized interception of
information from the plaintiffs’ computers. As relevant here, the SCA provides a private action
against any person who
(1) intentionally accesses without authorization a facility through which an
electronic communication service is provided; or
(2) intentionally exceeds an authorization to access that facility; and thereby
obtains, alters, or prevents authorized access to a wire or electronic communication
while it is in electronic storage in such system.
18 U.S.C. § 2701(a). The ECPA does the same with respect to any person who
(a) intentionally intercepts, endeavors to intercept, or procures any other person to
intercept or endeavor to intercept, any wire, oral, or electronic communication; [or]
...
(d) intentionally uses, or endeavors to use, the contents of any wire, oral, or
electronic communication, knowing or having reason to know that the information
was obtained through the interception of a wire, oral, or electronic communication
in violation of this subsection
18 U.S.C. § 2511(1)(a). Finally, the Computer Fraud and Abuse Act creates a private right of
action against “[w]hoever . . . intentionally accesses a computer without authorization or exceeds
authorized access, and thereby obtains . . . information from any protected computer.” 18 U.S.C.
§ 1030(a)(2)(C). Each of the three statutes provides an exception to liability if the person obtaining
the information has the consent of the computer user. See 18 U.S.C. § 2701(c); 18 U.S.C.
§ 2511(2)(c); 18 U.S.C. § 1030(e)(6).
The court will now address in turn each of the requirements for class certification of those
federal statutory claims.
A. Numerosity
Rule 23(a)(1)’s requirement that the class be “so numerous that joinder of all members is
impracticable” is plainly met here. The total number of computers reporting data to comScore each
year with the OSSProxy program has run into the hundreds of thousands each year since 2008.
(Dkt. No. 155, Ex. B, No. 7.) In addition, evidence shows that OSSProxy was installed on millions
of computers between 2008 and 2011. (Id.) ComScore does not dispute that the number of
potential class members easily satisfies the numerosity requirement.
B. Commonality
Next, the plaintiffs must satisfy Rule 23(a)(2)’s requirement that “there are questions of
law or fact common to the class.” The plaintiffs need not establish multiple common questions at
this stage, because “for purposes of Rule 23(a)(2) even a single common question will do.”
Wal-Mart Stores, Inc. v. Dukes, 131 S. Ct. 2541, 2556 (2011) (citation, quotation marks, and
alterations omitted). In addition, “what matters to class certification is not the raising of common
‘questions’—even in droves—but, rather the capacity of a classwide proceeding to generate
common answers apt to drive the resolution of the litigation.” Id. at 2551 (citation, quotation
marks, and alteration omitted).
Here, the plaintiffs raise a variety of common questions that can be resolved on a classwide
basis. Most obviously, each Class member agreed to a form contract (made up of the ULA and the
Downloading Statement), as has each Subclass member (the Downloading Statement only). It is
well established that “claims arising from interpretations of a form contract appear to present the
classic case for treatment as a class action.” Keele v. Wexler, 149 F.3d 589, 594 (7th Cir. 1998)
(citation and quotation marks omitted); accord Lifanda v. Elmhurst Dodge, No. 99-cv-5830, 2001
WL 755189, at *3 (N.D. Ill. July 2, 2011) (Hibbler, J.) (“Courts in this Circuit have repeatedly held
that ‘claims arising out of form contracts are particularly appropriate for class action treatment.’”
(citations omitted)). Thus, for example, the question of whether comScore is a party to the ULA
and the Downloading Statement in light of the fact that it is not listed as a contracting party can be
resolved consistently for the entire class. Similarly, the question of what rights comScore has
under the ULA and the Downloading Statement as a third-party beneficiary to use the information
OSSProxy collects is common to the entire class. Yet another common question is the scope of the
consent the plaintiffs granted to comScore by agreeing to the ULA and the Downloading
Statement.
ComScore contends that the scope of consent will vary for each plaintiff depending on his
subjective understanding of the agreement and the surrounding circumstances. (Dkt. No. 177, at
15.) In support, comScore notes that at least under the ECPA, consent need not be explicit, but can
also be implied from the surrounding circumstances. See Shefts v. Petrakis, 758 F. Supp. 2d 620,
630 (C.D. Ill. 2010) (citing Williams v. Poulos, 11 F.3d 271, 281 (1st Cir. 1993)). But that rule has
no place where a party manifested consent through the adoption of a form contract. See Nat’l Prod.
Workers Union Ins. Trust v. Cigna Corp., 665 F.3d 897, 901 (7th Cir. 2011) (“In assessing whether
contracting parties have mutually assented to a contract, Illinois courts have long cautioned that
the parties’ subjective intentions are irrelevant. Rather, courts must evaluate mutual assent based
on the objective conduct of the parties.” (citation omitted)); Boundas v. Abercrombie & Fitch
Stores, Inc., 280 F.R.D. 408, 413-14 (N.D. Ill. 2012) (Feinerman, J.) (“Where there are objective
indicia of the contract’s terms . . . the manner in which parties become aware of a contractual
opportunity and their subjective perceptions of the resulting contract are not relevant.”). Here,
each Class member engaged in a substantively identical process to download OSSProxy, as did
each Subclass member (aside from not being presented with a link to the ULA). The scope of the
plaintiffs’ consent here is determined by that identical process, the ULA, and the Downloading
Statement, and is therefore common across the Class and Subclass, respectively.
Another common issue is whether OSSProxy’s data collection violates the terms of the
ULA and the Downloading Statement. The OSSProxy software operates in a substantively
identical fashion on all computers, regardless of the brand name under which it is distributed or the
operating system of the computer. (Dkt. No. 155, Ex. A, at 91:8-92:9; Dkt. No. 155, Ex. C, at 2.)
Thus, the software attempts to collect the same information from all computers, and the question of
whether that collection exceeds the scope of consent is common to all plaintiffs.
ComScore points out that OSSProxy will not collect certain categories of data from
plaintiffs who never input data in those categories into their computers. (Dkt. No. 177, at 16.) For
example, OSSProxy will not collect credit card numbers from plaintiffs who never input credit
card numbers into their computers, nor will it collect the contents of iTunes playlists from
plaintiffs who do not use the iTunes software.
ComScore is correct that the question of whether OSSProxy’s data collection exceeds the
scope of consent in certain respects may depend on the behavior of each individual plaintiff. But
other potential violations of the scope of consent are common to all plaintiffs regardless of
individual behavior, such as the allegation that OSSProxy collects the names of every file located
on a user’s computer and the names of the 25 websites the user visited prior to downloading
OSSProxy, or the allegation that OSSProxy exceeds the scope of consent by selling the data it
collects. Moreover, the plaintiffs need prove only one incident of OSSProxy exceeding the scope
of the consent to establish violations of the ECPA, the SCA, and the CFAA. It is thus likely that
this issue will also be resolved on a classwide basis. 4 The plaintiffs have demonstrated ample
issues common to the entire class to satisfy Rule 23(a)(2).
C. Typicality
Next, the plaintiffs must demonstrate that “the claims or defenses of the representative
parties are typical of the claims or defenses of the class.” The typicality requirement is closely
related to commonality, and a “plaintiff’s claim is typical if it arises from the same event or
practice or course of conduct that gives rise to the claims of other class members and his or her
[Footnote 4: If litigation on the merits reveals that OSSProxy has not exceeded the scope of the
plaintiffs’ consent in a way common to the entire class, and if the court finds it necessary to
evaluate whether individual plaintiffs engaged in behavior subjecting them to OSSProxy’s
unauthorized collection of their information, the court may reevaluate its class certification
decision. See Fed. R. Civ. P. 23(c)(1)(C) (“An order that grants or denies class certification may be
altered or amended before final judgment.”).]
claims are based on the same legal theory.” Keele, 149 F.3d at 595. Here, the plaintiffs assert that
both Dunstan and Harris downloaded the OSSProxy software onto their computers after
downloading a free digital product from one of comScore’s bundling partners. Both used a
substantively identical process to download OSSProxy, except that Harris was not presented with
a functioning hyperlink to the ULA, while Dunstan was. According to the plaintiffs, Harris’s
claims are thus typical of the Subclass, while Dunstan’s are typical of the Class.
In response, comScore provides a list of “unique problems” it believes arise in Harris’s and
Dunstan’s cases, making them atypical. (Dkt. No. 177, at 28-29.) Most of those problems relate to
the issue of whether Harris and Dunstan actually downloaded the OSSProxy software.
Specifically, despite Harris’s and Dunstan’s testimony that they downloaded OSSProxy,
comScore notes that neither Dunstan nor Harris specifically remembers downloading the free
digital product accompanying OSSProxy. (Dkt. No. 176, Ex. P, at 85:24-86:25; 91:2-9;
95:16-96:6; Dkt. No. 176, Ex. V, at 26:7-9; 30:6-24; 33:9-22.) In addition, Harris no longer owns
the computer he used to download OSSProxy, and his account on macupdate.com does not reflect
the download, 5 leaving no way to verify his testimony. (Dkt. No. 176, Ex. P, at 43:19-44:4; Dkt.
No. 176, Ex. Q.) Dunstan, on the other hand, testified that his wife used the same computer he did
(Dkt. No. 176, Ex. V, at 26:10-18), and comScore suggests that his wife may actually have
downloaded the software, rather than him.
All of these arguments are based on speculation. ComScore provides no actual evidence
showing that Harris and Dunstan did not download OSSProxy. Harris’s and Dunstan’s testimony
[Footnote 5: As mentioned above, Harris need not have been logged in to download the software (see
Dkt. No. 185 ¶¶ 5-8), so the absence of a record of the download associated with his account does
not show that he did not download the software.]
that they downloaded OSSProxy is thus unrefuted, and provides ample evidence that their claims
are typical.
Next, comScore points out that Harris had OSSProxy installed on his computer for only a
short period. (Dkt. No. 176, Ex. P, at 103:24-104:10.) That fact is irrelevant to Harris’s ability to
represent the class, however, for the ECPA, the SCA, and the CFAA do not require a violation to
last for any particular length of time, and comScore does not explain how the length of a violation
might be relevant.
Finally, comScore points to Dunstan’s and Harris’s testimony that they each had problems
with their computers apart from the OSSProxy software (from viruses or age), and that OSSProxy
thus did not cause any decline in the performance of Dunstan’s and Harris’s computers. (Dkt. No.
176, Ex. P, at 109:12-25; Dkt. No. 176, Ex. V, at 40:16-22; 62:8-11.) That testimony is relevant, if
at all, only to the question of damages, and does not significantly alter the typicality of Dunstan’s
and Harris’s claims. Radmanovich v. Combined Ins. Co. of Am., 216 F.R.D. 424, 432 (N.D. Ill.
2003) (Alesia, J.) (stating that “the mere existence of factual differences will not preclude class
certification” so long as “the class members share the same essential characteristics”).
D. Adequate Representation
The fourth requirement under Rule 23(a) is that the named plaintiffs will “fairly and
adequately protect the interests of the class.” To meet that requirement, the plaintiffs must show
that “(1) the representative does not have conflicting or antagonistic interests compared with the
class as a whole; (2) the representative is sufficiently interested in the case outcome to ensure
vigorous advocacy; and (3) class counsel is experienced, competent, qualified and able to conduct
the litigation vigorously.” Matthews v. United Retail, Inc., 248 F.R.D. 210, 215 (N.D. Ill. 2008)
(Castillo, J.) (citation and quotation marks omitted).
ComScore does not dispute that the adequacy requirement is met. In addition, the court is
not aware that Harris and Dunstan have any conflicting interests, Harris and Dunstan have
vigorously participated in this case thus far, and class counsel are qualified to represent the class.
The court determines that the adequacy requirement is met.
E. Ascertainability
In addition to the four explicit requirements listed in Rule 23(a), “[t]he plaintiff must also
show that the class is indeed identifiable as a class.” Oshana, 472 F.3d at 513; see also Simer v.
Rios, 661 F.2d 655, 669 (7th Cir. 1981) (“It is axiomatic that for a class action to be certified a
‘class’ must exist.”). “An identifiable class exists if its members can be ascertained by reference to
objective criteria.” Lau v. Arrow Fin. Servs., LLC, 245 F.R.D. 620, 624 (N.D. Ill. 2007) (Guzman,
J.) (citation and quotation marks omitted). The Third Circuit has explained the purposes of the
ascertainability requirement:
The ascertainability requirement serves several important objectives. First, it
eliminates serious administrative burdens that are incongruous with the efficiencies
expected in a class action by insisting on the easy identification of class members.
Second, it protects absent class members by facilitating the best notice practicable
under Rule 23(c)(2) in a Rule 23(b)(3) action. Third, it protects defendants by
ensuring that those persons who will be bound by the final judgment are clearly
identifiable.
Marcus v. BMW of N. Am., LLC, 687 F.3d 583, 593 (3d Cir. 2012) (citations and quotation marks
omitted).
Here, the parties agree that comScore possesses contact information, in the form of e-mail
addresses, for some portion of the proposed Class and Subclass. (Dkt. No. 177, at 27; Dkt. No.
152, at 19 n.27.) That portion of the proposed Class and Subclass, at least, is readily ascertainable.
For the rest of the Class and Subclass, comScore asserts that the only way to determine class
membership is to require each alleged class member to submit an individual affidavit, which
comScore will be entitled to challenge. ComScore asserts that this process would be unwieldy.
ComScore is correct that it is sometimes improper to allow class membership to be
established only by the assertion of alleged class members without the corroboration of any of the
defendant’s records. Marcus, 687 F.3d at 594 (“We caution, however, against approving a method
that would amount to no more than ascertaining by potential class members’ say so.”); Sadler v.
Midland Credit Mgmt., Inc., No. 06 C 5045, 2008 WL 2692274, at *6 (N.D. Ill. July 3, 2008)
(Pallmeyer, J.) (denying class certification when defendant “would be required to evaluate the
individual facts of each account” in its records); see also Clavell v. Midland Funding LLC,
No. 10–3593, 2011 WL 2462046, at *4 (E.D. Pa. June 21, 2011); In re Wal–Mart Stores, Inc. Wage &
Hour Litig., No. C 06–2069, 2008 WL 413749, at *8 (N.D. Cal. Feb. 13, 2008); Deitz v. Comcast
Corp., No. C 06–06352, 2007 WL 2015440, at *8 (N.D. Cal. July 11, 2007). In cases in which the
burden of an affidavit procedure is likely to be minimal, however, courts have allowed portions of
a class to establish class membership by affidavit or claim form. Boundas, 280 F.R.D. at 417
(“[A]nybody claiming class membership on that basis will be required to submit an appropriate
affidavit, which can be evaluated during the claims administration process if Boundas prevails at
trial.”); see also Carrera v. Bayer Corp., No. 08-4716, 2011 WL 5878376, at *4 (D.N.J. Nov. 22,
2011). As a leading treatise explains: “Methods of claim verification may also vary with the ease
of documenting claims by individual members, and also with the size of the claims involved. A
simple statement or affidavit may be sufficient where claims are small or are not amenable to ready
verification.” Alba Conte & Herbert B. Newberg, 3 Newberg on Class Actions § 10:12 (4th ed. rev.
2012).
Here, the bulk of the class membership will likely be determined by comScore’s records,
making evaluation of any additional plaintiffs claiming membership by affidavit manageable. If
further litigation reveals that the portion of the class asserting membership by affidavit is
excessively large, the court can consider at that time whether to limit the class definition to only
those whose downloading of OSSProxy is reflected in comScore’s records. See Shvartsman v.
Apfel, 138 F.3d 1196, 1201 (7th Cir. 1998) (appropriate for district court to limit definition of
class).
F. Rule 23(b)(3): Predominance and Superiority
Finally, the plaintiffs here must establish that “the questions of law or fact common to class
members predominate over any questions affecting only individual members, and that a class
action is superior to other available methods for fairly and efficiently adjudicating the
controversy.” Fed. R. Civ. P. 23(b)(3). Rule 23(b)(3) “tests whether proposed classes are
sufficiently cohesive to warrant adjudication by representation,” and is “far more demanding” than
Rule 23(a)’s commonality requirement. Amchem Prods., Inc. v. Windsor, 521 U.S. 591, 623
(1997).
Most of the issues that comScore alleges require individual adjudication and make
administration of a class action infeasible have already been addressed. The issue of whether each
individual plaintiff downloaded OSSProxy will be determined primarily by comScore’s records,
and if substantial individual adjudication is necessary the court will consider appropriate class
limitations. The issue thus presents no obstacle to class adjudication. In addition, the issues of
whether plaintiffs consented to OSSProxy’s data collection, the scope of that consent, and whether
comScore exceeded that consent can all be determined on a class basis, as described above. 6
ComScore also asserts that the statutes of limitations present individual issues that
preclude class certification. The CFAA, SCA, and ECPA all have two-year statutes of limitations
that do not begin to run until a plaintiff discovers the potential violation. See 18 U.S.C. § 1030(g)
(CFAA); 18 U.S.C. § 2707(f) (SCA); 18 U.S.C. § 2520(e) (ECPA). ComScore argues that
adjudication of most plaintiffs’ claims will thus require a case-by-case determination of when they
discovered comScore’s violation.
In practice, however, the statute of limitations issue is unlikely to present significant
difficulties. First, the issue only arises for plaintiffs who downloaded OSSProxy before August 23,
2009 (two years before this suit was filed). Second, comScore’s data collection is ongoing, so even
among those plaintiffs, all those who still have OSSProxy installed on their computer (or who had
it installed at any time after August 23, 2009) are within the limitations period. Third, it is unlikely
that any of the remaining plaintiffs were sufficiently aware of OSSProxy’s operations to trigger the
limitations period. Violations of the ECPA, SCA, and CFAA require only collecting information
without the plaintiffs’ consent. No plaintiff would be aware of the information OSSProxy was
collecting unless he analyzed the computer code of the program itself. Few potential class
members likely fall into this category. The statute of limitations issue thus does not provide reason
to deny class certification. Cf. In re Monumental Life Ins. Co., 365 F.3d 408, 420 (5th Cir. 2004)
(Smith, J.) (holding that the limitations issue does not preclude class certification in a civil rights
case when “[d]oubtless most class members . . . remain unaware of defendants’ discriminatory
practices” because “[t]o hold that each class member must be deposed as to precisely when, if at
all, he learned of defendants’ practices would be tantamount to adopting a per se rule that civil
rights cases involving deception or concealment cannot be certified outside a two- or three-year
period”).
6
ComScore also asserts that the SCA applies only to “a facility through which an
electronic communication service is provided,” 18 U.S.C. § 2701(a)(1), and that personal
computers are not such “facilities.” (Dkt. No. 177, at 26.) The plaintiffs concede that every
member of the proposed Class and Subclass downloaded OSSProxy to his personal computer.
(Dkt. No. 184, at 15.) The issue of whether personal computers are “facilities” under the SCA,
which the court need not resolve at this time, is thus common to the entire class.
In addition, comScore asserts that the issue of whether each individual plaintiff suffered
damage or loss from comScore’s actions precludes certification. That argument has no
applicability to the ECPA or SCA claims, both of which provide for statutory damages. 18 U.S.C.
§ 2520(c); 18 U.S.C. § 2707(c). The CFAA is different, however, in that it grants a civil action
only to “[a]ny person who suffers damage or loss.” 7 18 U.S.C. § 1030(g). In addition, in this case,
the plaintiffs must satisfy the requirement of 18 U.S.C. § 1030(c)(4)(A)(i)(I) that each actionable
offense lead to a “loss to 1 or more persons during any 1-year period . . . aggregating at least $5,000
in value.” 8
7
Under the CFAA, damage means “any impairment to the integrity or availability of data,
a program, a system, or information,” 18 U.S.C. § 1030(e)(8), while loss refers to “any reasonable
cost to any victim, including the cost of responding to an offense, conducting a damage
assessment, and restoring the data, program, system, or information to its condition prior to the
offense, and any revenue lost, cost incurred, or other consequential damages incurred because of
interruption of service.” 18 U.S.C. § 1030(e)(11).
8
18 U.S.C. § 1030(g) provides that “[a] civil action for a violation of this section may be
brought only if the conduct involves 1 of the factors set forth in subclauses (I), (II), (III), (IV), or
(V) of subsection (c)(4)(A)(i).” Subclause (I) is the only subclause conceivably applicable. The
court need not decide at this stage whether 18 U.S.C. § 1030(c)(4)(A)(i)(I) allows class plaintiffs
to aggregate their damages to meet the $5000 requirement.
The Seventh Circuit has recently reiterated that individual factual damages issues do not
provide a reason to deny class certification when the harm to each plaintiff is too small to justify
resolving the suits individually:
A class action is the more efficient procedure for determining liability and damages
in a case such as this, involving a defect that may have imposed costs on tens of
thousands of consumers yet not a cost to any one of them large enough to justify the
expense of an individual suit. If necessary a determination of liability could be
followed by individual hearings to determine the damages sustained by each class
member . . . . But probably the parties would agree on a schedule of
damages . . . . The class action procedure would be efficient not only in cost, but
also in efficacy, if we are right that the stakes in an individual case would be too
small to justify the expense of suing, in which event denial of class certification
would preclude any relief.
Butler v. Sears, Roebuck & Co., 702 F.3d 359, 362 (7th Cir. 2012). That rationale is applicable here
as well, where it is far more efficient to resolve all of the common issues in a single proceeding,
and then to hold individual hearings on damages if necessary, than it would be to litigate all of the
common issues repeatedly in individual trials. Id. at 363 (“The only individual issues—issues
found in virtually every class action in which damages are sought—concern the amount of harm to
particular class members. It is more efficient for the [common questions] to be resolved in a single
proceeding than for [them] to be litigated separately in hundreds of different trials . . . .”). 9 The
requirements of Rule 23(b)(3) are met as well.
9
The Supreme Court recently reversed a grant of class certification where “[q]uestions of
individual damage calculations will inevitably overwhelm questions common to the class.”
Comcast Corp. v. Behrend, No. 11-864, 2013 WL 1222646 (U.S. Mar. 27, 2013). The Supreme
Court’s holding came from its assumption, uncontested by the parties, that Rule 23(b)(3) requires
that damages must be measurable based on a common methodology applicable to the entire class
in antitrust cases. That assumption, even assuming it is applicable to privacy class actions in some
way, is merely dicta and does not bind this court. See id. at *9 (Ginsburg and Breyer, JJ.,
dissenting) (“[T]he decision should not be read to require, as a prerequisite to certification, that
damages attributable to a classwide injury be measurable on a class-wide basis.” (citation and
quotation marks omitted)).
CONCLUSION
For the reasons explained above, the plaintiffs’ motion for class certification (Dkt. No.
152) is granted in part and denied in part. The court hereby certifies the following Class and
Subclass for purposes of resolving plaintiffs’ SCA, ECPA, and CFAA claims:
Class: All individuals who have had, at any time since 2005, downloaded and
installed comScore’s tracking software onto their computers via one of comScore’s
third party bundling partners.
Subclass: All Class members not presented with a functional hyperlink to an end
user license agreement before installing comScore’s software onto their computers.
The court denies class certification for purposes of resolving the plaintiffs’ common law unjust
enrichment claims. A status hearing is set for 4/18/13 at 9:00 am to set further dates.
ENTER:
_______________________________
JAMES F. HOLDERMAN
Chief Judge, United States District Court
Date: April 2, 2013