JON S. TIGAR, United States District Judge.
I. Background...1029
A. The App Store...1031
B. The Subject Apps...1032
C. Apple's Representations...1034
II. Legal Standards...1034
III. Apple's Motion to Dismiss...1036
A. Article III Standing...1036
B. Communications Decency Act...1042
C. Misrepresentation Claims...1045
D. California Comprehensive Computer Data Access and Fraud Act...1053
E. Strict Products Liability: Design Defect and Failure to Warn...1054
F. Negligence...1055
G. RICO...1055
H. Aiding and Abetting...1055
IV. App Defendants' Motions to Dismiss...1055
A. Article III Standing...1055
B. Plaintiffs' UCL Claims...1058
C. Invasion of Privacy: Intrusion Upon Seclusion...1058
D. Invasion of Privacy: Public Disclosure of Private Facts...1061
E. CDAFA and Computer Fraud and Abuse Act...1062
G. Texas and California Wiretap Statutes...1063
H. Texas Theft Liability Act...1064
I. RICO and Vicarious Liability...1064
V. Facebook and Gowalla's Motion to Dismiss...1064
A. Uniform Fraudulent Transfer Act...1065
B. Successor Liability...1066
C. Aiding and Abetting...1067
VI. Conclusion...1067
Before the Court are four motions to dismiss filed by Defendants in this action. The operative Consolidated Amended Class Action Complaint ("CAC"), ECF No. 362, collects the claims of fifteen plaintiffs
Plaintiffs bring this action on their own behalf, on behalf of an "iDevice Class," composed of all purchasers of Apple's iDevices between July 10, 2008 and the present who downloaded the App Defendants' apps, and on behalf of three subclasses: the "Malware Subclass," the "Address Book Subclass," and the "Texas Subclass." CAC ¶ 48. The Malware Subclass comprises those who downloaded the subject apps. The Address Book Subclass comprises those in the Malware Subclass whose iDevice, without requesting prior approval, "transmitted, disclosed, and/or disseminated the iDevice's mobile address book (or substantial portions thereof) over the Internet and/or to third-parties" due to the subject apps.
The CAC asserts several overlapping claims against different Defendants on behalf of different Plaintiffs. In total, the CAC asserts the following statutory claims: violation of California's Unfair Competition Law ("UCL"), Cal. Bus. & Prof.s Code § 17200, et seq.; violation of California's False and Misleading Advertising Law ("FAL"), Cal. Bus. & Prof.s Code § 17500, et seq.; violation of California's Consumer Legal Remedies Act ("CLRA"), Cal. Civ.Code § 1750, et seq.; violation of the California Comprehensive Computer Data Access and Fraud Act ("CDAFA"), Cal. Pen.Code § 502; violation of California's Wiretap/Invasion of Privacy Act, Cal. Pen.Code § 630, et seq.; violation of the Uniform Fraudulent Transfer
The following chart shows which claims each Plaintiff asserts against each Defendant:
Cause of Action On Behalf of Against 1 UCL All Plaintiffs Apple 2 UCL Opperman Plaintiffs Apple 3 UCL Plaintiffs Except App Defendants Pirozzi 4 FAL All Plaintiffs Apple 5 FAL Opperman Plaintiffs Apple 6 CLRA All Plaintiffs Apple 7 CLRA Opperman Plaintiffs Apple 8 Negligent Misrepresentation All Plaintiffs Apple 9 Negligent Misrepresentation Opperman Plaintiffs Apple
10 CDAFA Plaintiffs Except All Defendants Pirozzi 11 CFAA Plaintiffs Except App Defendants Pirozzi 12 ECPA Plaintiffs Except App Defendants Pirozzi 13 Wiretap/Invasion of Privacy Act CAD Plaintiffs 4 Foodspotting, Instagram, Path, Twitter, and Yelp 14 Texas Wiretap Acts Texas Plaintiffs5 App Defendants 15 Intrusion Upon Seclusion Opperman Plaintiffs App Defendants 16 Public Disclosure of Private Facts Opperman Plaintiffs App Defendants 17 Conversion Plaintiffs Except All Defendants Pirozzi 18 Trespass to Property Opperman Plaintiffs All Defendants 19 Texas Theft Liability Act Texas Plaintiffs App Defendants 20 Misappropriation Opperman Plaintiffs App Defendants 21 Strict Products Liability: Design Opperman Plaintiffs Apple Defect 22 Strict Products Liability: Failure to Opperman Plaintiffs Apple Warn 23 Negligence Plaintiffs Except All Defendants Pirozzi 24 Uniform Fraudulent Transfer Act Gowalla Plaintiffs Gowalla and Facebook 25 RICO Opperman Plaintiffs All Defendants 26 Secondary and Vicarious Liability Opperman Plaintiffs All Defendants
[
The following summary of Plaintiffs' allegations is taken from the complaint. As it must, the Court accepts the CAC's allegations as true for purposes of this motion.
Apple launched the App Store in 2008, and heavily promoted it in conjunction with its iDevices. CAC ¶ 57. The promotion was successful: the App Store today has over 700,000 apps for iPhone and iPod touch, and 275,000 apps for the iPad. Since 2008, customers have downloaded over forty billion apps. Id.
Apple maintains "exclusive domain" and "ultimate control" over the App Store's offerings. iDevices are designed only to accept apps from the App Store, and Apple decides which apps will be offered, and which will not. CAC ¶ 60. iDevices also come with pre-programmed apps built into the device's operating system. Among those apps is Apple's "Contacts" app — a virtual address book. The App Store is another one. CAC ¶ 61. Neither of these built-in apps can be removed by the user.
"Apple claims to review each application before offering it to its users, purports to have implemented apps privacy standards, and claims to have created a strong privacy protection for its customers." CAC
Apple is "notorious for complete control over its products." CAC ¶ 87. App developers must submit their apps to Apple for review, and Apple decides whether to offer them on the App Store. To be eligible for inclusion, third-party app developers must register with Apple and agree to the iOS Developer Agreement ("IDA") and the Program License Agreement ("PLA"), as well as pay a yearly registration fee. CAC ¶ 87-89. Apple reserves the right to reject apps for any reason, and has explicitly reserved the right to reject apps that breach the licensing agreements, provide Apple with inaccurate documents or information, or violate, misappropriate, or infringe the rights of a third party. CAC ¶ 90. After joining the program, app developers use Apple's software development kit ("SDK"), which provides guidelines and tools for app development. CAC ¶ 91.
The App Store Review Guidelines prohibit the transmission of user data without prior permission. CAC ¶¶ 101, 104. However, Plaintiffs allege that Apple's "iOS Human Interface Guidelines" encourage data theft. The guidelines are meant to guide developers as they create apps for the App Store. Apple tells developers, "don't force people to give you information you can easily find for yourself, such as their contacts or calendar information," and "[i]f possible, avoid requiring users to indicate their agreement to your [end user license agreement] when they first start your application. Without an agreement displayed, users can enjoy your application without delay." CAC ¶ 212 (emphasis omitted).
Plaintiffs allege that "Apple taught Program registrants' to incorporate forbidden data harvesting functionalities — even for private "contacts" — into their Apps and encouraged Program registrants to design those functions to operate in non-discernible manners that would not be noticed by the iDevice owner. These App Defendants, apparently in accord with Apple's instructions, did just that with their identified Apps." CAC ¶ 214.
Similarly, Plaintiffs allege: "Apple's Program tutorials and developer sites [] teach Program registrants how to code and build apps that non-consensually access, manipulate, alter, use and upload the mobile address books maintained on Apple iDevices." CAC ¶ 190.
Plaintiffs allege that each of the App Defendants developed an app that copied iDevice users' contact information without the user's consent. In February 2012, it was revealed that App Defendant Path's app, also called "Path," was uploading users' contacts and calendar information to its servers without users' knowledge. Path's CEO publicly apologized after the practice was made public. CAC ¶ 110.
Plaintiffs allege that several popular apps, including those designed by each App Defendant, have accessed and uploaded user data without consent. In some of these cases, the apps accessed user data without any prompt at all. See CAC ¶¶ 112, 136. Path is one such app. In other cases, the apps "surreptitiously accessed and uploaded information from users' Contacts app through a `Find Friends' feature without disclosing to users that the feature would leave their private information vulnerable to unauthorized download by the
The public revelations concerning third parties' access to users' private information led Congressmen Waxman and Butterfield to write to Apple and to thirty-four app publishers in February and March of 2012, asking for more information about the practice. CAC ¶¶ 115-17
The February letter to Apple noted that Apple's website at that time represented that iDevice apps "have access to a device's global data such as contacts in the Address Book," while Apple's review guidelines required app developers to gain users' permission prior to transmitting data about a user. CAC ¶ 115. The letter continues:
Id. In March 2012, Senator Schumer called for an investigation by the Federal Trade Commission. CAC ¶ 118. In September 2012, Apple released iOS 6, which updated privacy settings on iDevices in a manner that discloses which apps access users' contacts, calendars, reminders, photos, and other personal information, and allows users a way to prevent certain apps from accessing certain information. CAC ¶ 120.
The following chart outlines the apps each Plaintiff alleges he or she downloaded and deployed:
Plaintiff Angry Birds Angry Birds Cut The Rope Foodspotting Foursquare Gowalla Hipster Instagram Kik Messenger Path Twitter Yelp! Classic Alan Beuershasen X X X X Giuli Biondi X X X X Lauren Carter X Steve Dean X X X Stephanie Dennis-Cooley X X X X Jason Green X X X X X X Claire Hodgins X X X X Gentry Hoffman X X X X Rachelle King X X X X X X Nirali Mandaywala X X X X X X X Claire Moses X X Judy Paul X X X X X Maria Pirozzi X Theda Sandiford X X X X X X X Greg Varner X X X X X X
Plaintiffs allege that "Apple has repeatedly represented that Apple's products are safe and secure, and that private information could not be accessed by third-party apps without the user's express consent." CAC ¶ 64. Throughout the CAC, Plaintiffs identify representations Apple has made on its website, in in-store advertisements, and otherwise, to the effect that iOS is "highly secure," sometimes in particular with respect to the accessing of data by apps from other apps. See CAC ¶¶ 102-04, 121-123.
For example, when the App Store first launched, Apple's former CEO Steve Jobs explained, "[t]here are going to be some apps that we're not going to distribute. Porn, malicious apps, apps that invade your privacy." CAC ¶ 92. Plaintiffs allege that Apple repeated this refrain continuously during the launch of the App Store, and publicly took action consistent with these goals. See CAC ¶¶ 93-98. In October 2007, Jobs stated: "It will take until February to release an SDK because we're trying to do two diametrically opposed things at once — provide an advanced and open platform to developers while at the same time protect iPhone users from viruses, malware, privacy attacks, etc. As our phones become more powerful, these malicious programs will become more dangerous." CAC ¶ 94. At an SDK press conference on March 6, 2008, Jobs repeated that Apple would place limitations on third party apps for "malicious" and "illegal" content in order to address "privacy" concerns. CAC ¶ 93. Apple also "famously refused to integrate Adobe Flash technology" despite user demands. Jobs explained in April 2010 that this decision was made "because of reliability, security, and performance concerns." CAC ¶ 97. "In sum, Apple has attempted to cultivate a perception that its products are safe and that Apple strives to protect users." CAC ¶ 99.
In September 2011, Apple's website stated that "iOS 4 is highly secure from the moment you turn on your iPhone. All apps run in a safe environment, so a website or app can't access data from other apps." CAC ¶ 102. Apple also assured consumers that, for data-security purposes, "Applications on the device are `sandboxed' so they cannot access data stored by other applications." CAC ¶ 209.
Apple's "customer privacy policy" states that Apple takes "precautions — including administrative, technical, and physical measures — to safeguard your personal information against loss, theft, and misuse, as well as against unauthorized access, disclosure, alteration, and destruction." CAC ¶ 122.
Plaintiffs further allege that "[f]rom 2008 to the present, the highest levels of Apple (from its founder to its current CEO to its corporate spokespersons) have so consistently expressed publicly that Apple protects its customers' and iDevice owners' security and privacy that — though inaccurate — it is ingrained into the image of Apple's culture, products and offerings as well as in the minds of customers." CAC ¶ 211.
Plaintiffs allege they saw and relied on Apple's website, in-store advertisements, and television advertising in purchasing their iDevices, and that they would have paid less for their devices, or not purchased them at all, had they known they were vulnerable to privacy attacks. See CAC ¶ 125-26.
On a motion to dismiss, the Court accepts the material facts alleged in the complaint, together with all reasonable inferences to be drawn from those facts, as
To survive a motion to dismiss, a plaintiff must plead "enough facts to state a claim to relief that is plausible on its face." Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 570, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007). Plausibility does not mean probability, but it requires "more than a sheer possibility that a defendant has acted unlawfully." Iqbal, 556 U.S. at 687, 129 S.Ct. 1937. "A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged." Id. In the Ninth Circuit, "[i]f there are two alternative explanations, one advanced by defendant and the other advanced by plaintiff, both of which are plausible, plaintiff's complaint survives a motion to dismiss under Rule 12(b)(6). Plaintiff's complaint may be dismissed only when defendant's plausible alternative explanation is so convincing that plaintiff's explanation is implausible." Starr, 652 F.3d at 1216 (original emphasis).
In addition, fraud claims are subject to a heightened pleading standard. "In alleging fraud or mistake, a party must state with particularity the circumstances constituting fraud or mistake." Fed. R.Civ.P. 9(b). The allegations must be specific enough to give a defendant notice of the particular misconduct alleged to constitute the fraud such that the defendant may defend against the charge. Semegen v. Weidner, 780 F.2d 727, 731 (9th Cir.1985). In general, allegations sounding in fraud must contain "an account of the time, place, and specific content of the false representations as well as the identities of the parties to the misrepresentations." Swartz v. KPMG LLP, 476 F.3d 756, 765 (9th Cir.2007). However, "[m]alice, intent, knowledge, and other conditions of a person's mind may be alleged generally." Fed.R.Civ.P. 9(b).
Finally, a "Rule 12(b)(1) jurisdictional attack may be facial or factual. In a facial attack, the challenger asserts that the allegations contained in a complaint are insufficient on their face to invoke federal jurisdiction. By contrast, in a factual attack, the challenger disputes the truth of the allegations that, by themselves, would otherwise invoke federal jurisdiction." Safe Air for Everyone v. Meyer, 373 F.3d 1035, 1039 (9th Cir.2004) (citation omitted). In resolving a facial attack, courts assume that the allegations are true, and draw all reasonable inferences in the plaintiff's favor. Wolfe v. Strankman, 392 F.3d 358, 362 (9th Cir. 2004) (citations omitted). "In resolving a factual attack on jurisdiction, the district court may review evidence beyond the complaint without converting the motion to dismiss into a motion for summary judgment. The court need not presume the truthfulness of the plaintiff's allegations. Once the moving party has converted the motion to dismiss into a factual motion by presenting affidavits or other evidence properly brought before the court, the party opposing the motion must furnish affidavits or other evidence necessary to satisfy its burden of establishing
Apple moves to dismiss all of Plaintiffs' claims on Article III standing grounds, as well as each of Plaintiffs' substantive claims for failure to state a claim upon which relief can be granted. Because Article III standing is a threshold jurisdictional question, the Court will first address Apple's Rule 12(b)(1) motion to dismiss on the grounds that Plaintiffs lack Article III standing. See Steel Co. v. Citizens for a Better Env., 523 U.S. 83, 94, 118 S.Ct. 1003, 140 L.Ed.2d 210 (1998).
To establish Article III standing, a plaintiff in federal court must meet three requirements. First, the plaintiff must have suffered an "injury in fact" — an invasion of a legally protected interest which is (a) concrete and particularized and (b) actual or imminent, not conjectural or hypothetical. Second, there must be a causal connection between the injury and the conduct complained of — the injury has to be fairly traceable to the challenged action of the defendant, and not the result of the independent action of some third party not before the court. Third, it must be likely, as opposed to merely speculative, that the injury will be redressed by a favorable decision. Lujan v. Defenders of Wildlife, 504 U.S. 555, 560-61, 112 S.Ct. 2130, 119 L.Ed.2d 351 (1992).
The standing requirements are not pleading requirements. Rather, "each element must be supported in the same way as any other matter on which the plaintiff bears the burden of proof, i.e., with the manner and degree of evidence required at the successive stages of the litigation." Id. at 561, 112 S.Ct. 2130. Nevertheless, "[a]t the pleading stage, general factual allegations of injury resulting from the defendant's conduct may suffice." Id. A "court's obligation to take a plaintiff at its word at that stage in connection with Article III standing issues is primarily directed at the injury in fact and causation issues, not redressability." Levine v. Vilsack, 587 F.3d 986, 996-97 (9th Cir.2009) (citing Lujan, 504 U.S. at 561, 112 S.Ct. 2130). "[I]t is within the trial court's power to allow or to require the plaintiff to supply, by amendment to the complaint or by affidavits, further particularized allegations of fact deemed supportive of plaintiff's standing." Warth v. Seldin, 422 U.S. 490, 501-02, 95 S.Ct. 2197, 45 L.Ed.2d 343 (1975).
In addition, even when a plaintiff is able to establish Article III standing, prudential considerations may preclude the exercise of federal jurisdiction. A plaintiff's claim must fall within the "zone of interests" sought to be protected by the statute or constitutional provision in question. Bond v. United States, ___ U.S. ___, 131 S.Ct. 2355, 2366-67, 180 L.Ed.2d 269 (2011). That claim must be based on the plaintiff's own legal rights and interests rather than the legal rights or interests of third parties. Elk Grove Unified School Dist. v. Newdow, 542 U.S. 1, 15 n. 7, 124 S.Ct. 2301, 159 L.Ed.2d 98 (2004). And the injury must be individualized, or confined to a discrete group; courts will not adjudicate "`abstract questions of wide public significance'" amounting only to "`generalized grievances.'" Valley Forge Christian College v. Americans United for Separation of Church & State, Inc., 454 U.S. 464, 474-75, 102 S.Ct. 752, 70 L.Ed.2d 700 (1982) (quoting Warth, 422 U.S. at 499-50, 95 S.Ct. 2197).
Finally, in a class action, it is not sufficient for any named plaintiff to rely on
Despite the presence of fifteen named Plaintiffs and fifteen Defendants, and the assertion of twenty-six causes of action, Plaintiffs' case is rather simple. Plaintiffs allege that Apple sold them devices that made it possible for third parties to access and copy Plaintiffs' address books without their knowledge. Plaintiffs allege, with respect to Apple, that they suffered injury in the form of having overpaid for their iDevices, because they would have paid less for their devices, or not purchased them at all, if Apple had disclosed that it had failed adequately to secure the devices from the alleged intrusion.
In denying Apple's second motion to dismiss Plaintiff Pirozzi's
Nevertheless, Apple argues that Plaintiffs have not satisfied the causation requirement because no Plaintiff has identified the specific representations made by Apple that form the basis of their overpayment theory of liability. The CAC makes the following allegations concerning Apple's alleged misrepresentations and Plaintiffs' reliance:
CAC ¶ 32.
Apple's standing argument fails to appreciate that "the threshold question of whether plaintiff has standing (and the court has jurisdiction) is distinct from the merits of his claim. Rather, `[t]he jurisdictional question of standing precedes, and does not require, analysis of the merits.'" Maya v. Centex Corp., 658 F.3d 1060, 1068 (9th Cir.2011) (quoting Equity Lifestyle Props., Inc. v. Cnty. of San Luis Obispo, 548 F.3d 1184, 1189 n.10 (9th Cir.2008)). In other words, it is possible that Plaintiffs may file a civil action "`without suffering dismissal for want of standing to sue,'" even though they are "[un]able to assert a cause of action successfully."
For the Court to have jurisdiction over Plaintiffs' claims, their alleged injury must be "`fairly traceable'" to Apple, and not the result of the "`independent action of some third party not before the court.'" Lujan v. Defenders of Wildlife, 504 U.S. 555, 560-61, 112 S.Ct. 2130, 119 L.Ed.2d 351 (1992) (quoting Simon v. Eastern Ky. Welfare Rights Organization, 426 U.S. 26, 41-42, 96 S.Ct. 1917, 48 L.Ed.2d 450 (1976)). Plaintiffs' claims meet that requirement: Plaintiffs allege that Apple misled them through its advertising and failed to disclose material information, that each Plaintiff relied on these misrepresentations or nondisclosures, and that each Plaintiff overpayed for Apple's products. The requirements to allege standing are not the same as the requirements to plead injury under the substantive law. See Low v. LinkedIn Corp., 900 F.Supp.2d 1010, 1027 (N.D.Cal.2012) (holding plaintiffs satisfied Article III standing even though they had failed to allege reliance on particular representations, and even though their FAL claims were dismissed with prejudice on that basis).
Apple makes several more arguments concerning the merits of Plaintiffs' claims, including that Plaintiffs have failed to allege their address books were actually uploaded,
Finally, relying on In re LinkedIn User Privacy Litig., 932 F.Supp.2d 1089, 1094 (N.D.Cal.2013), Apple argues that an overpayment claim cannot survive without an allegation of "something more" than overpaying for a defective product, such as an allegation that the address books were actually stolen. In LinkedIn, the court held that, "in cases where the alleged wrong stems from allegations about insufficient performance or how a product functions, courts have required plaintiffs to allege `something more' than `overpaying for a "defective" product.'" In re LinkedIn User Privacy Litig., 932 F.Supp.2d 1089, 1094 (N.D.Cal.2013) (citing In re Toyota Motor Corp., 790 F.Supp.2d 1152, 1165 n. 11 (C.D.Cal.2011)).
Apple misreads LinkedIn and the cases upon which the LinkedIn court relied. The deficiency in the LinkedIn plaintiffs' standing was that they were pleading only a difference between what they had been promised by LinkedIn and what they had received, i.e., a breach of contract. In re LinkedIn User Privacy Litig., 932 F.Supp.2d 1089, 1094 (N.D.Cal.2013) ("Plaintiffs cannot rely solely on the `benefit of the bargain' theory of economic harm to sufficiently meet the requirements for Article III standing"). They did not allege that they had suffered any other separate injury.
More relevant here is the decision in In re Toyota Motor Corp., 790 F.Supp.2d 1152, 1165 (C.D.Cal.2011), on which the
Id. at 1165 n. 11.
Here, the Court finds that Plaintiffs' allegations concerning the offending feature of the product — design that enables third parties to take address book information without consent — supply the "something more" that is required. Whether Plaintiffs' product liability claims state a claim upon which relief can be granted is a separate question the Court addresses below.
Separately, Plaintiffs allege injury-in-fact to their property rights in their address books, as distinct from the economic injury of overpayment for their iDevices, as support for their common law conversion and trespass claims. The Court discusses this allegation in connection with the App Defendants' motion to dismiss in more detail infra, Part IV.A. For the reasons discussed in that section, the Court finds that Plaintiffs lack Article III standing based on any injury to their property rights in their address books. For this reason, the Court will dismiss Plaintiffs' common law claims against Apple for conversion and trespass.
Apple also argues that the non-resident Plaintiffs lack standing to assert California statutory claims. That argument "conflate[s] two issues: the extraterritorial application of California consumer protection laws (or the ability of a nonresident plaintiff to assert a claim under California law), and choice-of-law analysis...." Forcellati v. Hyland's, Inc., 876 F.Supp.2d 1155, 1160 (C.D.Cal.2012). "Whether a nonresident plaintiff can assert a claim under California law is a constitutional question based on whether California has sufficiently significant contacts with the plaintiff's claims." Id. (citing Mazza v. American Honda Motor Co., 666 F.3d 581, 589 (9th Cir.2012)). In Mazza, for example, "California ha[d] a constitutionally sufficient aggregation of contacts to the claims of each putative class member ... because Honda's corporate headquarters, the advertising agency that produced the allegedly fraudulent misrepresentations, and one fifth of the proposed class members [were] located in California."
Apple's arguments here were recently rejected by Judge Wilken in another case arising out of Apple's marketing activities. See In re iPhone 4S Consumer Litig., No. 12-cv-1127-CW, 2013 WL 3829653, at *7-8 (N.D.Cal. July 23, 2013). There, the plaintiffs "alleged that their injuries were caused by Apple's wrongful conduct in false advertising that originated in California." Id. at *7. Judge Wilken noted that the presumption against the extraterritoriality of California law does not apply where the misconduct occurs in California. See Wershba v. Apple Computer, Inc., 91 Cal.App.4th 224, 243, 110 Cal.Rptr.2d 145 (2001) (California statutes apply to "non-California members of a nationwide class where the defendant is a California corporation and some or all of the challenged conduct emanates from California."). Judge Wilken also distinguished In re Apple & AT & T iPad Unlimited Data Plan Litig., 802 F.Supp.2d 1070, 1076 (N.D.Cal.2011), upon which Apple also relies here, because in that case, unlike here, a contractual choice-of-law clause selected the law of each customer's state of residence. The Court agrees with Judge Wilken's careful analysis in the iPhone 4S decision.
Apple relies heavily on Sullivan v. Oracle Corp., 51 Cal.4th 1191, 1209, 127 Cal.Rptr.3d 185, 254 P.3d 237 (2011), for support. Sullivan concerned an overtime claim asserted under the unlawful prong of the UCL, the predicate offense for which was a violation of the federal Fair Labor Standards Act ("FLSA").
The Court notes that Apple has not argued that the Court should apply the law of each plaintiff's home state to her claims, and the Court does not reach the question of whether it should. The Court only concludes that it is constitutional for
Apple moves to dismiss all of Plaintiffs' claims against it, except those premised on Apple's alleged misrepresentations, on the ground that the Communications Decency Act ("CDA"), 47 U.S.C. § 230, bars Plaintiffs' claims. Section 230(c)(1) provides: "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." Section 230(c)(2) provides:
Pursuant to the Act, an "interactive computer service" is "any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server, including specifically a service or system that provides access to the Internet and such systems operated or services offered by libraries or educational institutions." 47 U.S.C. § 230(f)(2). An "information content provider" is "any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service." 47 U.S.C. § 230(f)(3).
Congress enacted these provisions as part of the Communications Decency Act of 1996 "for two basic policy reasons: to promote the free exchange of information and ideas over the Internet and to encourage voluntary monitoring for offensive or obscene material. Carafano v. Metrosplash.com, Inc., 339 F.3d 1119, 1122 (9th Cir.2003). "In light of these concerns, reviewing courts have treated § 230(c) immunity as quite robust, adopting a relatively expansive definition of `interactive computer service' and a relatively restrictive definition of `information content provider.' Under the statutory scheme, an `interactive computer service' qualifies for immunity so long as it does not also function as an `information content provider' for the portion of the statement or publication at issue." Id. at 1123 (footnotes omitted).
Nevertheless, neither section 230(c) nor any other subsection in the CDA "declares a general immunity from liability deriving from third-party content." Barnes v. Yahoo!, Inc., 570 F.3d 1096, 1100 (9th Cir.2009). Instead, to determine whether the CDA operates as a bar to civil liability, courts must determine whether "a plaintiff's theory of liability would treat a defendant as a publisher or speaker of third-party content." Id. at 1101. "[W]hat matters is not the name of the
Determining whether a defendant is a "publisher" requires further definition of that term. The Ninth Circuit has held that "publication involves reviewing, editing, and deciding whether to publish or to withdraw from publication third-party content." Id. at 1102. "[A] publisher reviews material submitted for publication, perhaps edits it for style or technical fluency, and then decides whether to publish it." Id. Despite Plaintiffs' arguments to the contrary,
By contrast, the CDA does not bar claims against "information content providers." An entity "that is responsible, in whole or in part, for the creation or development" of the allegedly offending information is not entitled to the CDA's protection. "Development" refers "not merely to augmenting the content generally, but to materially contributing to its alleged unlawfulness." Fair Hous. Council of San Fernando Valley v. Roommates.Com, LLC, 521 F.3d 1157, 1167-68 (9th Cir.2008). Thus, "providing neutral tools to carry out what may be unlawful or illicit searches does not amount to `development' for purposes of the immunity exception." Id. at 1169. Nor does inoffensive editing for spelling errors, removing obscenity, or trimming for length. However, "a website operator who edits in a manner that contributes to the alleged illegality — such as by removing the word `not' from a user's message reading `[Name] did not steal the artwork' in order to transform an innocent message into a libelous one — is directly involved in the alleged illegality and thus not immune." Id.
Prior to the relation of Plaintiff Pirozzi's action against Apple to the above-captioned Opperman action, Apple moved to dismiss Pirozzi's claims pursuant to the same provisions of the CDA. Judge Gonzalez Rogers denied Apple's motion on two bases. First, she found that Pirozzi's fraud and misrepresentation claims against Apple arising out of Apple's conduct or failure to disclose were "not predicated solely upon Apple's approving and distributing Apps via its online App Store." Pirozzi v. Apple Inc., 913 F.Supp.2d 840, 849 (N.D.Cal.2012). Thus, the CDA did not bar those claims. Second, the court held that it was premature to consider the application of the CDA at the pleading stage based on the "scant record" then before the court because "if Apple is responsible for the `creation or development of [the]
Here, Apple expressly excludes from its CDA argument any application to Plaintiffs' fraud and misrepresentation claims, in recognition of Judge Gonzalez Rogers' first conclusion. With respect to her second conclusion, Apple argues that the CAC, which reproduces many of the allegations in Pirozzi and supplements them with others, contains sufficient allegations from which the Court can now conclude that the CDA bars the remainder of Plaintiffs' claims against Apple. Plaintiffs again maintain that resolution of the CDA issue must await a later stage of the case.
The cases do not describe a one-size-fits all rule for when to apply the CDA. In some cases the applicability of the CDA is "apparent from the face of the complaint"; in others, it is not. Evans v. Hewlett-Packard Co., No. 13-cv-02477-WHA, 2013 WL 5594717, at *3 (N.D.Cal. Oct. 10, 2013) (quoting Goddard v. Google, Inc., 640 F.Supp.2d 1193, 1200 n. 5 (N.D.Cal.2009)). Here, the Court need not await further discovery before addressing Apple's CDA argument, because the CAC already pleads sufficient conduct to classify Apple as an "information content provider" whose conduct is not protected by the CDA.
For example, Plaintiffs allege that Apple's "iOS Human Interface Guidelines" encourage data theft. The guidelines are meant to guide developers as they create apps for the App Store. Among the guidelines are several suggestions that do, on their face, appear to encourage the practices Plaintiffs complain of in this case. For example, Apple tells developers, "don't force people to give you information you can easily find for yourself, such as their contacts or calendar information," and "[i]f possible, avoid requiring users to indicate their agreement to your [end user license agreement] when they first start your application. Without an agreement displayed, users can enjoy your application without delay." CAC ¶ 212 (emphasis omitted). Based on these passages from the guidelines, Plaintiffs allege: "Apple taught Program registrants' to incorporate forbidden data harvesting functionalities — even for private "contacts" — into their Apps and encouraged Program registrants to design those functions to operate in non-discernible manners that would not be noticed by the iDevice owner. These App Defendants, apparently in accord with Apple's instructions, did just that with their identified Apps." CAC ¶ 214. Similarly, Plaintiffs allege: "Apple's Program tutorials and developer sites [] teach Program registrants how to code and build apps that non-consensually access, manipulate, alter, use and upload the mobile address books maintained on Apple iDevices." CAC ¶ 190.
These allegations target conduct that goes beyond the traditional editorial functions of a publisher, and beyond providing "neutral tools to carry out what may be unlawful or illicit" conduct.
Apple groups as "misrepresentation claims" Plaintiffs' UCL, FAL, CLRA, and negligent misrepresentation claims. Apple argues that each claim fails as a matter of law because, according to Apple, "not once in the 166-page pleading does a single Plaintiff identify any specific misrepresentation that he or she actually saw and relied upon in purchasing an Apple device." ECF No. 395 at 23.
Plaintiffs' misrepresentation claims are subject to Rule 9(b)'s requirement that fraud claims be pleaded with particularity.
Plaintiffs must also adequately plead injury and causation. To have standing under the UCL, a plaintiff must have suffered an injury in fact and "lost money or property as a result of such unfair competition." Hall v. Time Inc., 158 Cal.App.4th 847, 849, 70 Cal.Rptr.3d 466 (2008). The standing requirement is substantially similar in this context for Plaintiff's CLRA and FAL claims.
Nevertheless, "[w]hile a plaintiff must show that the misrepresentation was an immediate cause of the injury-producing conduct, the plaintiff need not demonstrate it was the only cause." In re Tobacco II Cases, 46 Cal.4th 298, 326, 93 Cal.Rptr.3d 559, 207 P.3d 20 (2009). "Moreover, a presumption, or at least an inference, of reliance arises wherever there is a showing that a misrepresentation was material." Engalla v. Permanente Med. Grp., Inc., 15 Cal.4th 951, 977, 64 Cal.Rptr.2d 843, 938 P.2d 903 (1997). A misrepresentation is material if a reasonable person "would attach importance to its existence or nonexistence in determining his choice of action in the transaction in question"; materiality is therefore ordinarily a question of fact unless the "fact misrepresented is so obviously unimportant that the jury could not reasonably find that a reasonable man would have been influenced by it." Id. (quotations and citations omitted).
In many consumer fraud cases, courts require a plaintiff to identify and describe the specific alleged misrepresentations that each plaintiff saw or heard, and upon which each plaintiff relied. Indeed, in granting Apple's first motion to dismiss Plaintiff Pirozzi's complaint, Judge Gonzalez Rogers held that Pirozzi's failure to "provide the particulars of her own experience reviewing or relying upon any" of the misrepresentations identified in her complaint was fatal to her claims. Pirozzi I, 913 F.Supp.2d at 850. This Court denied Apple's second motion to dismiss based on Pirozzi's identification of the specific representations she saw and relied upon, which representations are also alleged here. Pirozzi II, 2013 WL 4029067, at *6-7. Apple now argues that the Court's prior order was based on a misreading of Pirozzi's allegations and renews its motion to dismiss.
Having again examined Pirozzi's allegations, the Court now concludes that its prior decision regarding reliance was in error. In her Second Amended Complaint, Pirozzi alleged that Apple's website contained the same representations discussed here, including the representation that "[a]ll apps run in a safe environment, so a website or app can't access data from other apps."
The CAC suffers from the same defect. It repeats the identical allegations made in Pirozzi's Second Amended Complaint, and repeats the allegation that Pirozzi "viewed the Apple website." CAC ¶¶ 121-25. In the next paragraph, the CAC further alleges: "Likewise, each of the other Plaintiffs visited Apple's website...." What the CAC fails to do is connect any specific Plaintiff to any specific representation. The Court now concludes, even reading the complaint in the light most favorable to Plaintiffs, that Plaintiffs have failed to allege that any one of them saw any particular representation.
Recognizing that the few specific representations relied upon by this Court in denying Apple's second motion to dismiss Pirozzi's complaint form a narrow basis upon which to base this action, Plaintiffs now largely rest their misrepresentation claims on a different basis: that Apple allegedly engaged in a long-standing, widespread advertising campaign that created a reputation for safety and reliability. In re Tobacco II, 46 Cal.4th at 328, 93 Cal.Rptr.3d 559, 207 P.3d 20 ("where, as here, a plaintiff alleges exposure to a long-term advertising campaign, the plaintiff is not required to plead with an unrealistic degree of specificity that the plaintiff relied on particular advertisements or statements").
The named plaintiffs in In re Tobacco II alleged that the tobacco industry defendants conducted "a decades-long campaign of deceptive advertising and misleading statements about the addictive nature of nicotine and the relationship between tobacco use and disease." Id. at 306, 93 Cal.Rptr.3d 559, 207 P.3d 20. In concluding that the plaintiffs did not need to identify the specific statements upon which they relied, the California Supreme Court relied in part on a similar decision in Whiteley v. Philip Morris Inc., 117 Cal.App.4th 635, 680-82, 11 Cal.Rptr.3d 807 (2004).
In Whiteley, the California Court of Appeal affirmed a jury verdict in favor of the plaintiff, the husband of a woman who was a smoker and died of lung cancer. The tobacco industry defendants argued on appeal that the plaintiff had failed to present sufficient evidence of reliance to support the verdict. In particular, the defendants argued, as Apple does here, "that the evidence did not show that Whiteley heard any specific misrepresentation or false promise made by either defendant." They further argued: "`it is not enough that the plaintiff heard the alleged misrepresentation at some unidentified time from some unidentified source. Instead, the plaintiff must identify a specific misrepresentation that was actually communicated to the plaintiff (directly or indirectly).'" Id. at 680, 11 Cal.Rptr.3d 807. The Whiteley court expressly rejected that argument and held that the plaintiff "did not have to prove that she saw or heard any specific misrepresentations of fact or false promises that defendants made or that she heard them directly from defendants or their agents. It was sufficient that the statements were issued to the public with the intent that they reach smokers and potential smokers and that Whiteley, as a member of the intended target population, heard them." Id. at 680-81, 11 Cal.Rptr.3d 807.
Relying on section 533 of the Restatement Second of Torts, the court held that the trial court had correctly instructed the jury on this question as follows: "One who makes a misrepresentation or false promise
Id. at 681-82, 11 Cal.Rptr.3d 807.
While several courts have considered whether to apply Tobacco II so as to relieve an individual plaintiff of the need to plead that she viewed and relied on a specific misrepresentation, the cases in the aggregate do not define any bright line rules. A review of the jurisprudence, however, has led the Court to identify the following factors in determining whether to apply Tobacco II.
First, to state the obvious, a plaintiff must allege that she actually saw or heard the defendant's advertising campaign. See, e.g., Pfizer Inc. v. Super. Ct., 182 Cal.App.4th 622, 632, 105 Cal.Rptr.3d 795 (2010) ("[A]lthough Pfizer ran four different television commercials with the `as effective as floss' campaign, the commercials did not run continuously and there is no evidence that a majority of Listerine consumers viewed any of those commercials."); Herrington v. Johnson & Johnson Consumer, 2010 WL 3448531, at * 8 (N.D.Cal. Sept. 01, 2010) ("Plaintiffs have not plead that they viewed any of Defendants' advertising, let alone a `long-term advertising campaign' by Defendants"); Delacruz v. Cytosport, Inc., No. 11-cv-3532-CW, 2012 WL 2563857, at *9 (N.D.Cal. June 28, 2012) ("Cytosport II") ("Plaintiff has not alleged reliance in connection with the advertising campaign because she has not claimed that she saw and relied on any of the advertising, apart from the product websites and television ads").
Second, the advertising campaign at issue should be sufficiently lengthy in duration, and widespread in dissemination, that it would be unrealistic to require the plaintiff to plead each misrepresentation she saw and relied upon. Compare Tobacco II, 46 Cal.4th at 306, 93 Cal.Rptr.3d 559, 207 P.3d 20 (plaintiffs excused from pleading specific reliance where advertising campaign lasted for "decades"); Comm. On Children's Television, Inc. v. Gen. Foods Corp., 35 Cal.3d 197, 205-07, 197 Cal.Rptr. 783, 673 P.2d 660 (1983) (superseded on other grounds) (advertising campaign was on television daily and lasted four years),
Third, a plaintiff seeking to take advantage of the exception should describe in the complaint, and preferably attach to it, a "representative sample" of the advertisements at issue in order adequately to notify the defendant of the precise nature of the misrepresentation claim — that is, what, in particular, the defendant is alleged to have said, and how it was misleading. For example, in Children's Television, 35 Cal.3d at 205-07, 197 Cal.Rptr. 783, 673 P.2d 660, the court held that a trial court "could reasonably require plaintiffs to set out or attach a representative selection of advertisements, to state the misrepresentations made by those advertisements, and to indicate the language or images upon which any implied misrepresentations are based." Id. at 218, 197 Cal.Rptr. 783, 673 P.2d 660. In the California Supreme Court's view, that requirement "represents a reasonable accommodation between defendants' right to a pleading sufficiently specific `that the court can ascertain for itself if the representations ... were in fact material, and of an actionable nature,' and the importance of avoiding pleading requirements so burdensome as to preclude relief in cases involving multiple misrepresentations." Id. (citation omitted).
Fourth, the degree to which the alleged misrepresentations contained within the advertising campaign are similar to each other, or even identical, is also an important factor.
Fifth, in the absence of specific misrepresentations, a complaint subject to Rule 9(b)'s requirements should plead with particularity, and separately, when and how each named plaintiff was exposed to the advertising campaign. It is not sufficient to plead as a group, nor is it sufficient simply to allege general exposure without more detail. The facts in In re Tobacco II contained such detail. So too in Morgan v. AT & T Wireless Servs., Inc., 177 Cal.App.4th 1235, 1257-58, 99 Cal.Rptr.3d 768 (2009), where the plaintiffs alleged that when considering purchasing T68i mobile phones from AT & T Wireless, "they each conducted research in which they encountered AT & T advertisements and press releases explaining the advanced features of the T68i and the improvements AT & T was making and was going to make to its GMS/GPRS network." They also alleged they were exposed to similar representations at the AT & T store when they purchased their phones and service plans, "and that they relied upon their research (including information from the AT & T advertisements and press releases, and the in-store representations) in deciding to purchase the T68i from AT & T." Id. Within a "relatively short period of time" after purchasing their phones, and despite AT & T's marketing concerning the upgrades to its network, AT & T performed upgrades on the network that it knew would render the T68i phones "essentially useless."
AT & T moved to dismiss because the plaintiffs had failed to identify specific misrepresentations. The court held that the allegations supported the plaintiffs' various misrepresentation claims, including the UCL, CLRA, FAL, and common law fraud, because the plaintiffs
Id. In the context of the common law fraud claim, the court again observed: "where a fraud claim is based upon numerous misrepresentations, such as an advertising campaign that is alleged to be misleading, plaintiffs need not allege the specific advertisements the individual plaintiffs relied upon; it is sufficient for the plaintiff to provide a representative selection of the advertisements or other statements to indicate the language upon which the implied misrepresentations are based." Id. at 1262, 99 Cal.Rptr.3d 768.
The detail the Court requires here ensures that the advertisements at issue are representations that consumers were likely
Sixth, the court must be able to determine when a plaintiff made her purchase or otherwise relied in relation to a defendant's advertising campaign, so as to determine which portion of that campaign is relevant. Representations made prior to purchase are relevant to a plaintiff's claim; ones made after are not. Consequently, a plaintiff should describe, to the best of her ability, (1) when the product was purchased, (2) the timeframe of the advertisements at issue, and (3) when the plaintiff was exposed to the advertisements.
These factors are merely one court's attempt to harmonize the developing jurisprudence of false advertising claims. Future decisions from the California state and federal courts may reveal additional factors, or demonstrate that some of those just listed are not helpful. Nevertheless, these are the factors the Court has been able to identify.
Applying them here, the Court finds that Plaintiffs have not adequately alleged a long-term advertising campaign of the kind that would excuse them from pleading specific reliance. Although Plaintiffs allege a long-term advertising campaign, they fail to do so with the level of detail that has led other courts to allow such claims to proceed.
First, as set forth above, it is not clear that any of the plaintiffs were actually exposed to Apple's advertising campaign.
Second, although the CAC alleges with sufficient specificity the length of the advertising campaign at issue — it alleges that the campaign began at least by 2008 and continued up through the filing of the CAC — it does not contain sufficient detail concerning the extent of the advertising. It is unclear from the CAC how often the advertisements were published, or in which media. Without more detail, the Court cannot conclude that it would be "unrealistic" to require Plaintiffs to plead with specificity their exposure to each alleged misrepresentation.
Third, and relatedly, Plaintiffs have not attached or described a "representative sample" of the advertisements at issue. Instead of cursory allegations that Apple "repeatedly represented that Apple's products are safe and secure, and that private information could not be accessed by third-party apps without the user's express consent," CAC ¶ 64, Plaintiffs should describe in detail, or attach, advertisements that they contend are typical of the advertising campaign at issue. The Court is mindful that Plaintiffs have identified some specific representations contained on Apple's website, or made by Apple's employees, including its former and current CEOs. But it is not enough. After reading the complaint asserted against it, a defendant should be able to understand which advertising is alleged to be misleading, and how it is misleading, so that it may prepare a defense and identify in discovery the remainder of the advertising at issue — and just as importantly, that advertising which is not at issue. It is only through this process that the parties will be able to cabin, and then narrow, the scope of the litigation in succeeding stages. Because Plaintiffs have failed to allege in sufficient detail the nature of the advertisements, the Court finds that the CAC does not adequately notify Apple of the precise nature of the misrepresentation claims asserted against it.
Fifth, Plaintiffs do not separately allege in any detail how they were exposed to Apple's advertising campaign. It is not enough merely to allege that Plaintiffs "viewed Apple's website, saw in-store advertisements, and/or [were] aware of Apple's representations regarding the safety and security of the iDevices prior to purchasing their own iDevices." CAC ¶ 126.
Finally, without engaging Apple's attempts to develop a factual record at the pleading stage, the Court is mindful of the fact that Plaintiffs have not alleged when they purchased their devices, other than to allege they were all purchased prior to February 2012. Consequently, even if Plaintiffs adequately address the other deficiencies in the CAC, it would still be difficult for the Court to conclude that Plaintiffs were exposed to the advertising at issue prior to purchasing their iDevices without more detailed allegations concerning the chronology of events for each Plaintiff in this case.
Plaintiffs argue in the alternative that their misrepresentation claims are viable because Apple had an affirmative duty to disclose material facts of which it had exclusive knowledge, i.e., the vulnerability of Plaintiffs' iDevices to the theft of their address books by third party apps, rendering it unnecessary for Plaintiffs to identify any misrepresentations.
"As the Ninth Circuit has recently cautioned, in the context of product defect claims, `California courts have generally rejected a broad duty to disclose.'" Donohue v. Apple, Inc., 871 F.Supp.2d 913, 925 (N.D.Cal.2012) (citing Wilson v. Hewlett-Packard Co., 668 3d 1136, 1141 (9th Cir. 2012). Nondisclosure or concealment constitutes actionable fraud in only four circumstances: "(1) when the defendant is in a fiduciary relationship with the plaintiff; (2) when the defendant had exclusive knowledge of material facts not known to the plaintiff; (3) when the defendant actively conceals a material fact from the plaintiff; and (4) when the defendant makes partial representations but also suppresses some material facts." LiMandri v. Judkins, 52 Cal.App.4th 326, 336, 60 Cal.Rptr.2d 539 (1997).
Plaintiffs argue that their non-disclosure claims fit into each of the last three categories. Because the Court has already determined above that Plaintiffs do not adequately identify Apple's alleged misrepresentations, only the second and third categories are at issue.
But Plaintiffs' failure to disclose claims have a separate problem: "`[a] manufacturer's duty to consumers is limited to its warranty obligations absent either an affirmative misrepresentation or a safety issue.'" Donohue, 871 F.Supp.2d at 925(quoting Oestreicher v. Alienware Corp., 322 Fed.Appx. 489, 493 (9th Cir. 2009)).
Because Plaintiffs have failed to plead with particularity the specific representations upon which they relied, have failed adequately to plead a long-term and extensive advertising campaign, and have failed to satisfy the requirements for a pure non-disclosure or concealment claim, the Court will grant Apple's motion to dismiss Plaintiffs' UCL, FAL, CLRA, and negligent misrepresentation claims, with leave to amend.
The California Comprehensive Computer Data Access and Fraud Act ("CDAFA"), Cal.Penal Code § 502, "expand[s] the degree of protection afforded to individuals, businesses, and governmental agencies from tampering, interference, damage, and unauthorized access to lawfully created computer data and computer systems." Id. § 502(a). Every Plaintiff except Pirozzi asserts a claim against Apple for violation of the CDAFA. The CDAFA imposes liability, inter alia, on any person who
Id. § 502(c)(1),(2),(6)-(8). The CDAFA authorizes the owner of the computer "who suffers damage or loss by reason of a violation of any of the provisions of subdivision (c) [to] bring a civil action against the violator for compensatory damages and injunctive relief or other equitable relief." Id. § 502(e)(1).
Apple moves to dismiss on several grounds. As an initial matter, the Court notes that, to the extent Plaintiffs' theories of liability under the CDAFA derive from Apple's "reviewing, editing, and deciding whether to" make available to its users the offending apps, those claims are barred by the Communications Decency Act, as discussed above.
To the extent Plaintiffs assert a CDAFA claim based on Apple's encouragement of the development of the offending features of the subject apps, those allegations are insufficiently pleaded. Each subsection of the statute Plaintiffs assert incorporates expressly or by reference a requirement that the defendant acted "without permission." See Cal. Pen. Code § 502(b)(10) (defining "computer contaminant"). Courts in this district have interpreted "without permission" to mean "in a manner that circumvents technical or code based barriers in place to restrict or bar a user's access." Facebook, Inc. v. Power Ventures, Inc., 844 F.Supp.2d 1025,
Plaintiffs argue that their CDAFA claim is viable because they "did not know that the apps contained the malicious code at issue here." ECF No. 421 at 42. Other courts in this district have already persuasively rejected this argument. See iPhone I, 2011 WL 4403963, at *12 ("On Plaintiffs' own allegations, the iOS and third party apps — which contain the alleged `surreptitious code' — were all installed or updated voluntarily by Plaintiffs."); In re Google Android Consumer Privacy Litig., 2013 WL 1283236, at *12 ("Plaintiffs, however, have not included any facts that show — or lead to a reasonable inference — that the tracking codes have been designed in such a way to render ineffective any barriers the Plaintiffs might wish to use to prevent access to their PII.").
Plaintiffs' allegations are materially indistinguishable from the allegations in iPhone I and In re Google Android Consumer Privacy. Although Plaintiffs allege they did not grant permission to the apps to copy their address books, there is no suggestion that the apps overcame "technical or code based barriers in place to restrict or bar a user's access." According to the CAC, the apps in question had open access to Plaintiffs' address books.
Plaintiffs' CDAFA claims against Apple will be dismissed.
The Opperman Plaintiffs assert design defect and failure to warn strict products liability claims against Apple. "`A manufacturer is strictly liable in tort when an article he places on the market, knowing that it is to be used without inspection for defects, proves to have a defect that causes injury to a human being.'" Anderson v. Owens-Corning Fiberglas Corp., 53 Cal.3d 987, 994, 281 Cal.Rptr. 528, 810 P.2d 549 (1991) (quoting Greenman v. Yuba Power Products, Inc., 59 Cal.2d 57, 62, 27 Cal.Rptr. 697, 377 P.2d 897 (1963)).
Importantly, "recovery under the doctrine of strict liability is limited solely to `physical harm to person or property.'" Jimenez v. Superior Court, 29 Cal.4th 473, 482, 127 Cal.Rptr.2d 614, 58 P.3d 450 (2002) (quoting Seely v. White Motor Co., 63 Cal.2d 9, 18, 45 Cal.Rptr. 17, 403 P.2d 145 (1965)). "Damages available under strict products liability do not include economic loss, which includes damages for inadequate value, costs of repair and replacement of the defective product or consequent loss of profits — without any claim of personal injury or damages to other property" Id. (quotation marks and citations omitted). By contrast, "[t]he law of contractual warranty governs damage to the product itself." Id. at 483, 127 Cal.Rptr.2d 614, 58 P.3d 450.
Plaintiffs do not explain what injury they allege that satisfies the economic
Plaintiffs' negligence claims are barred by the economic loss rule discussed in the immediately previous section. "Purely economic damages to a plaintiff which stem from disappointed expectations from a commercial transaction must be addressed through contract law; negligence is not a viable cause of action for such claims." In re iPhone Application Litig. ("iPhone II"), 844 F.Supp.2d 1040, 1064 (N.D.Cal.2012).
The Court will dismiss Plaintiffs' negligence claim against all Defendants.
Plaintiffs state that they "elect not to prosecute [the RICO] claim at this time and have no objection to its dismissal without prejudice as to" Apple. ECF No. 421 at 50. The Court construes Plaintiffs' statement as a Rule 41(a)(1)(A)(i) notice of voluntary dismissal, which is self-executing.
In response to Apple's argument that aiding and abetting is not a stand-alone cause of action in California, Plaintiffs respond: "The fact that Plaintiffs' aiding and abetting allegations are set out in a separate claim merely provides clarity to the complaint by specifying that Plaintiffs contend that Apple is liable not just for its own actions but for those of the App Defendants." ECF No. 421 at 49. Far from providing clarity, the separate aiding and abetting count casts in doubt which claims that, facially, are asserted only against the App Defendants are also meant to apply to Apple as well. The Court cannot discern from the CAC what additional liability, other than the claims Plaintiffs explicitly assert against Apple, Plaintiffs attempt to impose on Apple by virtue of the aiding and abetting count. For this reason, the Court will dismiss the claim. Plaintiffs are advised that each claim in the complaint should clearly set forth against which Defendants it is meant to be asserted.
Like Apple, the App Defendants move to dismiss all of Plaintiffs' claims against them on Article III standing grounds, as well as pursuant to Rule 12(b)(6).
The Article III standing analysis as applied to Plaintiffs' claims against the App Defendants differs from the analysis regarding Plaintiffs' claims against Apple. In particular, the App Defendants argue that Plaintiffs have failed to identify an injury-in-fact sufficient to establish standing.
In evaluating Path's motion to dismiss the Hernandez complaint prior to the relation of that action to the above-captioned action, Judge Gonzalez Rogers evaluated
In addition, however, Plaintiffs present four new theories of injury-in-fact not present in, Hernandez. First, Plaintiffs argue that their claim for injunctive relief is sufficient to confer standing. "To have standing to assert a claim for prospective injunctive relief, a plaintiff must demonstrate `that he is realistically threatened by a repetition of [the violation].'" Melendres v. Arpaio, 695 F.3d 990, 997 (9th Cir.2012) (quoting City of Los Angeles v. Lyons, 461 U.S. 95, 109, 103 S.Ct. 1660, 75 L.Ed.2d 675 (1983)). Here, Plaintiffs allege that the App Defendants all discontinued their practices when the practice of transmitting user address books was made public. Moreover, Plaintiffs allege that Apple has instituted additional privacy controls that enable users to control which apps have access to their address books. Because there is no realistic threat of repetition, Plaintiffs cannot establish standing through their prayer for injunctive relief.
Second, Plaintiffs argue that the App Defendants interfered with their property rights in their address books, conferring standing on Plaintiffs to sue. "[D]istrict courts have been reluctant to find standing based solely on a theory that the value of a plaintiff's [personal information] has been diminished." Yunker v. Pandora Media, Inc., No. 11-cv-03113-JSW, 2013 WL 1282980 (N.D.Cal. Mar. 26, 2013). "[I]njury-in-fact in this context requires more than an allegation that a defendant profited from a plaintiff's personal identification information. Rather, a plaintiff must allege how the defendant's use of the information deprived the plaintiff of the information's economic value. Put another way, a plaintiff must do more than point to the dollars in a defendant's pocket; he must sufficiently allege that in the process he lost dollars of his own." In re Google, Inc. Privacy Policy Litig., 2013 WL 6248499, at *5. See also In re Google Android Consumer Privacy Litig., 2013 WL 1283236, at *4 ("Similarly, although Plaintiffs allege that a market exists that could provide them the opportunity to sell their PII, none of the Plaintiffs specifically tie those allegations to them. Plaintiffs also do not allege they attempted to sell their personal information, that they would do so in the future, or that they were foreclosed from entering into a value for value transaction relating to their PII, as a result of the Google Defendants' conduct.").
However, Plaintiffs' two remaining theories of injury are sufficient to confer standing. First, as observed above, Plaintiffs are able to establish standing through their statutory claims, because "[t]he injury required by Article III can exist solely by virtue of `statutes creating legal rights, the invasion of which creates standing.'" Edwards v. First Am. Corp., 610 F.3d 514, 517 (9th Cir.2010) (quoting Fulfillment Servs. Inc. v. United Parcel Serv., Inc., 528 F.3d 614, 618 (9th Cir.2008)). See In re Google, Inc. Privacy Policy Litig., 2013 WL 6248499, at *8 ("Although Article III always requires an injury, the alleged violation of a statutory right that does not otherwise require a showing of damages is an injury sufficient to establish Article III standing.").
Second, Plaintiffs assert a common law claim for invasion of privacy. Regardless of the merits of that claim, the Court finds Plaintiffs' allegations sufficient on this point. The essence of the standing inquiry is to determine whether the plaintiff has "alleged such a personal stake in the outcome of the controversy as to assure that concrete adverseness which sharpens the presentation of issues upon which the court so largely depends." Baker v. Carr, 369 U.S. 186, 204, 82 S.Ct. 691, 7 L.Ed.2d 663 (1962). It is beyond meaningful dispute that a plaintiff alleging invasion of privacy as Plaintiffs do here presents a dispute the Court is permitted to adjudicate. See, e.g., Wright & Miller, 13A Fed. Prac. & Proc. Juris. § 3531.4 (3d ed.); Ruiz v. Gap, Inc., 380 Fed.Appx. 689, 691 (9th Cir.2010) (unpublished) (holding allegation that laptop theft put plaintiff at "greater risk of identity theft" was sufficient injury, even where plaintiff had no UCL standing); Yunker, 2013 WL 1282980, at *6 (finding Article III standing based on violation of constitutional privacy rights); Citizens for Health v. Leavitt, 428 F.3d 167, 176 & n. 9 (3d Cir.2005), cert. den'd 549 U.S. 941, 127 S.Ct. 43, 166 L.Ed.2d 251 (2006) (holding Plaintiffs had standing to challenge "Privacy Rule" that allowed medical providers to use or disclose personal health information without patient consent because summary judgment evidence showed "at least one individual plaintiff's health information has been, or will imminently be, disclosed without her consent by private health care providers and drugstore chains"); Folgelstrom
For the foregoing reasons, the Court will dismiss Plaintiffs' common law claims against the App Defendants, except their invasion of privacy claims, on standing grounds.
The Court will also dismiss Plaintiffs' UCL claims against the App Defendants, because, in order to have standing to assert their UCL claims, Plaintiffs must show that they "lost money or property," and, as the Court concludes above, they have failed to make such a showing. See Kwikset Corp. v. Super. Ct., 51 Cal.4th 310, 325, 120 Cal.Rptr.3d 741, 246 P.3d 877 (2011).
The Opperman Plaintiffs assert the common law claim of intrusion upon seclusion against the App Defendants. In particular, Plaintiffs allege that "[b]y surreptitiously obtaining, improperly gaining knowledge, reviewing and retaining Plaintiffs' private mobile address books (or substantial portions thereof), the App Defendants intentionally intruded on and into each respective Plaintiff's solitude, seclusion or private affairs." CAC ¶ 630. Plaintiffs allege the intrusion was "highly offensive to a reasonable person," as evidenced by the "myriad newspaper articles, blogs, op eds., and investigative exposes' [that] were written complaining and objecting vehemently to these defendants' practices." CAC ¶ 631. Plaintiffs also allege that "[c]ongressional inquiries were opened to investigate these practices and some defendants even publicly apologized. The surreptitious manner in which the App Defendants' conducted these intrusions confirms their outrageous nature." Id.
The Second Restatement of Torts provides: "One who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person." Rest. (2d) of Torts § 652B (1977). California courts recognize that "`a measure of personal isolation and personal control over the conditions of its abandonment is of the very essence of personal freedom and dignity, is part of what our culture means by these concepts.'" Shulman v. Grp. W Prods., Inc., 18 Cal.4th 200, 231, 74 Cal.Rptr.2d 843, 955 P.2d 469 (1998) (quoting Bloustein, Privacy as an Aspect of Human Dignity: An Answer to Dean Prosser, 39 N.Y.U. L.Rev. 962, 973-974 (1964) (footnote omitted)).
An intrusion upon seclusion claim "does not depend upon any publicity given to the person whose interest is invaded or to his affairs." Rest. (2d) of Torts § 652B, Comment a. Nor must the intrusion be physical:
Id., Comment b. California has adopted the Restatement's two-prong formulation of intrusion upon seclusion claims: "(1) intrusion into a private place, conversation or matter, (2) in a manner highly offensive to a reasonable person." Shulman, 18 Cal.4th at 231, 74 Cal.Rptr.2d 843, 955 P.2d 469.
"The tort is proven only if the plaintiff had an objectively reasonable expectation of seclusion or solitude in the place, conversation or data source." Id. Whether a legally protected privacy interest is at stake is a question of law; whether a plaintiff has a reasonable expectation of privacy and whether the defendant's conduct is a serious invasion of privacy are mixed questions of law and fact. See Hill v. Nat'l Collegiate Athletic Assn., 7 Cal.4th 1, 39-40, 26 Cal.Rptr.2d 834, 865 P.2d 633 (1994) (discussing California constitutional invasion of privacy). "If the undisputed material facts show no reasonable expectation of privacy or an insubstantial impact on privacy interests, the question of invasion may be adjudicated as a matter of law." Id.
The Court does not read the App Defendants to be contesting that Plaintiffs have a legally protectable privacy interest in their address books, nor do the App Defendants contest that the apps intruded upon that interest. Instead, the App Defendants argue that Plaintiffs did not have a reasonable expectation of privacy in the information, and that the intrusion was not sufficiently offensive to give rise to a claim for intrusion upon seclusion.
A claim for intrusion upon seclusion is not viable unless the plaintiff had an "objectively reasonable expectation of seclusion or solitude in the place, conversation or data source." Shulman, 18 Cal.4th at 231, 74 Cal.Rptr.2d 843, 955 P.2d 469. Several factors affect a person's reasonable expectation of privacy. Advance notice of an impending action, customs, practices, and physical settings may "create or inhibit reasonable expectations of privacy." Hill, 7 Cal.4th at 36, 26 Cal.Rptr.2d 834, 865 P.2d 633. "Finally, the presence or absence of opportunities to consent voluntarily to activities impacting privacy interests obviously affects the expectations of the participant." Id.
Here, there are two types of alleged intrusions at issue. Plaintiffs allege that some apps copied Plaintiffs' address books without consent or any prompt. The Court finds that Plaintiffs' expectation of privacy in their address books contained on their iDevices in this circumstance was reasonable. See, e.g., United States v. Zavala, 541 F.3d 562, 577 (5th Cir.2008) ("[C]ell phones contain a wealth of private information, including emails, text messages, call histories, address books, and subscriber numbers. Zavala had a reasonable expectation of privacy regarding this information."); United States v. Cerna, No. 08-cv-0730-WHA, 2010 WL 5387694, at *6 (N.D.Cal. Dec. 22, 2010) (citing Zavala) ("Luis Herrera had a reasonable expectation of privacy in the contents of the seized phones as his physical possession of the cell phones created a reasonable expectation of privacy in their contents."); United States v. Chan, 830 F.Supp. 531, 534 (N.D.Cal.1993) (criminal defendant had expectation of privacy in contents of pager because "[t]he expectation of privacy in an electronic repository for personal data is therefore analogous to that in a personal
Other apps, such as Gowalla and Instagram, copied address books only after they prompted the user to "find friends" who use the same app by scanning Plaintiffs' address books. See, e.g., CAC vit 238, 317. The menu prompts notified users that the app would scan their address books. Although the prompts required Plaintiffs to consent, Plaintiffs' expectation of privacy in that circumstance was still reasonable. Plaintiffs allege that they would not have consented had they known that their apps would not only scan their address books to determine whether their friends were using the same app, but then upload the address books to the app developer for other purposes. Plaintiffs allege that their consent was obtained by fraud, and that their consent was therefore invalid. See Rest. (2d) of Torts § 892B (1979) ("If the person consenting to the conduct of another is induced to consent by a substantial mistake concerning the nature of the invasion of his interests or the extent of the harm to be expected from it and the mistake is known to the other or is induced by the other's misrepresentation, the consent is not effective for the unexpected invasion or harm."); Sanchez-Scott v. Alza Pharm., 86 Cal.App.4th 365, 377-78, 103 Cal.Rptr.2d 410 (2001) (sustaining intrusion upon seclusion claim where doctor obtained consent of patient to breast examination in front of a drug salesperson without disclosing salesperson was not a medical professional).
Here, Plaintiffs allege that the App Defendants obtained their consent by misrepresenting their purpose. That is, they allege that the App Defendants intentionally represented that they would only "scan" Plaintiffs' address books for purposes of the "find friends" feature without disclosing that, at the same time, the app would transmit a copy of the address book to Defendants for their own use. Taking the allegations in the CAC as true, the Court concludes that Plaintiffs' consent was invalid. Consequently, Plaintiffs had a reasonable expectation of privacy with respect to the address books copied by each app at issue.
The App Defendants' primary argument in support of their motion to dismiss Plaintiffs' intrusion upon seclusion claim is that the intrusion at issue is not "highly offensive."
Liability for intrusion upon seclusion will not lie "unless the interference with the plaintiffs seclusion is a substantial one, of a kind that would be highly offensive to the ordinary reasonable man, as the result of conduct to which the reasonable man would strongly object." Rest. (2d) of Torts § 652B, Comment d. "A court determining the existence of `offensiveness' would consider the degree of intrusion, the context, conduct and circumstances surrounding the intrusion as well as the intruder's motives and objectives, the setting into which he intrudes, and the expectations of those whose privacy is invaded." Miller v. Nat'l Broad. Co., 187 Cal.App.3d 1463, 1483-84, 232 Cal.Rptr. 668 (1986).
In evaluating a claim for invasion of California's constitutional right to privacy, the iPhone II court held that the surreptitious tracking of personal data and geolocation information was not an "egregious breach of social norms." 844 F.Supp.2d at 1063. In coming to that conclusion, that court relied primarily on the decision in Folgelstrom v. Lamps Plus, Inc., 195 Cal.App.4th 986, 992, 125 Cal.Rptr.3d 260 (2011). In Folgelstrom, the plaintiff alleged that the defendant retailer routinely asked for customers' zip codes, asked a credit
The decision in Folgelstrom is distinguishable.
The Court cannot conclude as a matter of law that Defendants' copying of Plaintiffs' address books was not "highly offensive." That question is best left for a jury.
The App Defendants briefly argue that Plaintiffs have failed adequately to allege damages from the alleged intrusion upon seclusion because they have failed to allege economic injury. No such allegation is required. A plaintiff who prevails on an intrusion upon seclusion claim may recover damages for "anxiety, embarrassment, humiliation, shame, depression, feelings of powerlessness, anguish, etc." Operating Engineers Local 3 v. Johnson, 110 Cal.App.4th 180, 187, 1 Cal.Rptr.3d 552 (2003) (quoting Miller v. National Broadcasting Co., 187 Cal.App.3d 1463, 1485, 232 Cal.Rptr. 668 (1986)).
For the foregoing reasons, the Court will deny the App Defendants' motion to dismiss the Opperman Plaintiffs' claim for intrusion upon seclusion.
The Opperman Plaintiffs also assert an invasion of privacy claim for public disclosure of private facts.
The elements of a claim for public disclosure of private facts are: "(1)
The Restatement makes clear that Plaintiffs must allege disclosure to the public "at large":
Rest. (2d) of Torts § 652D, Comment a (1977).
Plaintiffs argue that they satisfy this standard because their address books were transmitted in an unencrypted manner, or over public WiFi, "making it publicly available to third parties as well as service providers." ECF No. 422 at 27. That argument fails to meet the disclosure requirement for this claim. While Plaintiffs allege that their information could have been intercepted by third parties, they do not allege that any interception occurred, nor do they allege that it was "substantially certain" that their address books would become "public knowledge." To satisfy the requirement, more specific allegations establishing the extent of the disclosure are required.
For this reason, the Court will dismiss the Opperman Plaintiffs' public disclosure claim.
The Court's analysis supra, Part III.D. concerning the California Comprehensive Computer Data Access and Fraud Act ("CDAFA"), Cal.Penal Code § 502, applies equally to Plaintiffs' claims against the App Defendants. For the challenged conduct to qualify as "without permission" under the CDAFA, the conduct must involve circumventing "restrictions on access" of some kind. The CAC does not allege that the subject apps circumvented any restrictions.
Plaintiffs also assert a claim for violation of the federal Computer Fraud and Abuse Act ("CFAA"), 18 U.S.C. §§ 1030(a)(2)(C), (a)(5), & (g), against the App Defendants. Plaintiffs concede that, like the CDAFA, the CFAA applies only to a defendant's access to a computer "without authorization," and that this limitation must be interpreted similarly to the "without
Plaintiffs do not advance any new arguments concerning the "without authorization" limitation in the CFAA, relying instead on their arguments concerning the CDAFA. Consequently, the Court will dismiss both claims.
The Federal Wiretap Act, or Electronic Communications Privacy Act ("ECPA"), 18 U.S.C. § 2510, prohibits "interception" of "wire, oral, or electronic communications." Id. § 2511(1). The Act provides a private right of action against any person who "intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication," id.; § 2511(1)(a), or who "intentionally uses, or endeavors to use, the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of [the Wiretap Act]," id. § 2511(1)(d). "Intercept" is defined as "the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device." Id. § 2510.
All Plaintiffs except Pirozzi assert an ECPA claim against the App Defendants. Judge Gonzalez Rogers previously dismissed the ECPA claim in Hernandez for the same reason the App Defendants seeks dismissal here: "The FAC fails to allege that Defendant intercepted any communication contemporaneously with its transmission. Although Path allegedly transmitted the Class Members' Contact Address Books from the Class Members' mobile devices to Path's servers, Path did not `intercept' a `communication' to do so." Hernandez, 2012 WL 5194120, at *3. Similarly, the Ninth Circuit has noted that "interception" means "`communication contemporaneous with transmission.'" Theofel v. Farey-Jones, 359 F.3d 1066, 1077 (9th Cir.2004) (quoting Konop v. Hawaiian Airlines, Inc., 302 F.3d 868, 876 (9th Cir.2002) (holding unauthorized access to e-mail messages did not violate ECPA). "Specifically, Congress did not intend for `intercept' to apply to `electronic communications' when those communications are in `electronic storage.'" Id. (internal quotation marks omitted) (quoting Konop, 302 F.3d at 876).
Plaintiffs simultaneously "preserv[e] their disagreement with this court-generated rule in the event it is later overturned," ECF No. 422 at 24, and also advance the tortured argument that the contemporaneous interception requirement is met here because the apps in question caused Plaintiffs' iDevices to "send information from the user's Contacts from the iDevice's storage memory to processors and active memory being used by the app" and then "simultaneously intercept[ed] that transmission." Id. The decisions in Konop and Theofel are dispositive. In those cases, the "transmission" Plaintiffs describe here as being "intercepted" — the use of data by different memory components of the same device — was insufficient to give rise to an ECPA claim. The Court will dismiss Plaintiffs' ECPA claim.
Plaintiffs' claims under the California Invasion of Privacy Act, Cal. Pen.Code
The Texas Plaintiffs assert a claim for violation of Texas Penal Code section 31.03(a), which provides that a person commits theft: "if he unlawfully appropriates property with intent to deprive the owner of property." "Deprive" means "(A) to withhold property from the owner permanently or for so extended a period of time that a major portion of the value or enjoyment of the property is lost to the owner; (B) to restore property only upon payment of reward or other compensation; or (C) to dispose of property in a manner that makes recovery of the property by the owner unlikely." Tex. Pen.Code § 31.01(2)(A)-(C).
Plaintiffs cannot satisfy the definition of "deprive" for purposes of their Texas Theft Liability Act claim. Even if Plaintiffs have a property right in their address books, there is no allegation that the App Defendants withheld the address books from Plaintiffs "permanently or for so extended a period of time that a major portion of the value or enjoyment of the property" was lost. Nor do Plaintiffs allege that the App Defendants offered to restore the address books for payment, because no restoration is possible; the address books were copied. For the same reason, Plaintiffs have not alleged that the App Defendants disposed of the property. Consequently, the Court will dismiss the Texas Plaintiffs' Texas Theft Liability Act claim.
Plaintiffs "elect not to prosecute [their RICO and vicarious liability] claims at this time and have no objection to their dismissal without prejudice as to" the App Defendants. As discussed above with respect to Plaintiffs' RICO claim against Apple, the Court construes Plaintiffs' statement as a Rule 41(a)(1)(A)(i) notice of voluntary dismissal, which is self-executing.
App Defendants Facebook and Gowalla move to dismiss Plaintiffs' claims against them for violation of the Uniform Fraudulent Transfer Act ("UFTA"), Cal. Civ.Code § 3439, et seq., for common law aiding and abetting, and for successor liability (as against Facebook only).
Plaintiffs allege that "[i]n late 2011, Facebook conducted due diligence on Gowalla for a contemplated business transaction with Gowalla and/or Gowalla's owners. The contemplated transaction involved transfer of all or substantially all of Gowalla's assets, technology, know-how or equity to Facebook." CAC ¶ 414. According to the CAC, Facebook discovered that Gowalla's app had been copying users' address books without consent and decided as a result to structure the transaction differently. The resulting transaction transferred to Facebook Gowalla's key personnel, "technology" and "know-how." CAC ¶ 416. "Facebook did not pay Gowalla reasonably fair value for the Gowalla assets, technology, know-how or personnel. Facebook instead paid Gowalla's shareholders and management for the company's assets.
The transaction was memorialized in a Release and Waiver Agreement submitted to the Court under seal by Facebook and Gowalla.
"The [California] UFTA permits defrauded creditors to reach property in the hands of a transferee." Fid. Nat. Title Ins. Co. v. Schroeder, 179 Cal.App.4th 834, 840-41, 101 Cal.Rptr.3d 854 (2009). "A fraudulent conveyance under the UFTA involves `a transfer by the debtor of property to a third person undertaken with the intent to prevent a creditor from reaching that interest to satisfy its claim.'" Filip v. Bucurenciu, 129 Cal.App.4th 825, 829, 28 Cal.Rptr.3d 884 (2005) (quoting Kirkeby v. Super. Ct., 33 Cal.4th 642, 648, 15 Cal.Rptr.3d 805, 93 P.3d 395 (2004).
Under the California UFTA,
Here, Plaintiffs' allegations do not establish that any transfer of assets occurred within the meaning of the UFTA. Plaintiffs only describe generally what assets they assert were transferred: personnel, "technology," and "know-how." Plaintiffs fail to address the requirement that the transfer at issue put beyond Plaintiffs' reach property they otherwise would be able to subject to the payment of debt. There is no suggestion, for example, that Plaintiffs could not subject Gowalla's intellectual property, which Gowalla retained, to the payment of a future debt, or that the license Gowalla conveyed to Facebook somehow impaired its ability to satisfy creditor claims. Certainly Gowalla's employees are not "assets" for purposes of the UFTA. The parties have cited only one case to the Court on this point, Fink v. Advanced Logic Sys., Inc., A-5939-05T1, 2007 WL 3239222, at *7 (N.J.Super.Ct.App.Div. Nov. 5, 2007), and there, the court held that a nonexclusive license to copyrighted work was not an asset for purposes of a New Jersey fraudulent transfer.
Because Plaintiffs have failed to allege a transfer of assets within the meaning of the UFTA, their UFTA claim will be dismissed.
Each claim asserted against Gowalla in this case is also asserted against Facebook by virtue of successor liability. Under California law, a corporation that purchases the assets of another does not assume the liabilities of the selling corporation unless: "(1) there is an express or implied agreement of assumption, (2) the transaction amounts to a consolidation or merger of the two corporations, (3) the purchasing corporation is a mere continuation of the seller, or (4) the transfer of assets to the purchaser is for the fraudulent purpose of escaping liability for the seller's debts." Ray v. Alad Corp., 19 Cal.3d 22, 28, 136 Cal.Rptr. 574, 560 P.2d 3 (1977). Plaintiffs' allegations on this point are materially deficient because they have not alleged that Facebook acquired Gowalla, and, as discussed above, they have failed to allege a transfer of assets. Indeed, the CAC expressly alleges the opposite: that Facebook acquired employees and intellectual property rights, but not Gowalla itself.
There is no successor liability where no acquisition or fraudulent transfer has occurred. See e.g., Gee v. Tenneco, Inc., 615 F.2d 857, 862 (9th Cir.1980) ("It is the general rule that where a corporation is not dissolved following a sale of assets or a reorganization, it remains liable for debts and liabilities incurred by it, unless it is otherwise agreed between the corporation and its creditors."). Consequently, Plaintiffs have failed to plead any claims against Facebook by virtue of successor liability.
Facebook argues, and Plaintiffs do not contest, that Texas law applies to Plaintiffs' claims against it. ECF No. 394 at 6 n.6; ECF No. 434 at 2. Texas does not recognize a claim for "aiding and abetting" as alleged in the CAC.
In Juhl v. Airington, 936 S.W.2d 640, 643 (Tex.1996), the Texas Supreme Court declined to adopt section 876 of the Restatement (Second) of Torts, which sets out a "concerted action" theory of liability, noting that whether concerted action liability is recognized in Texas would remain an "open question."
Plaintiffs' aiding and abetting claim will be dismissed.
For the foregoing reasons, the Court hereby DISMISSES all of Plaintiffs' claims against all Defendants with leave to amend, with the exception of the Opperman Plaintiffs' claim for common law intrusion upon seclusion against the App Defendants. Plaintiffs have leave to file an amended complaint within thirty days from the date of this Order.
Apple's role as an app publisher, including its promulgation of review guidelines, its review of all apps submitted to the App Store, and its enforcement of its guidelines, is fundamental "publisher" activity protected by the CDA. Plaintiffs' allegations that Apple has failed to remove offending apps from the App Store, CAC ¶ 90, and that it encourages consumers to download third-party apps and advertises third-party apps in order to sell its devices are similarly subject to the CDA's protections.
Plaintiffs' allegations concerning the software development kit also fall under the CDA, because the kit is alleged to be nothing more than a "neutral tool" which app developers can use either lawfully or unlawfully. Nothing in the CAC suggests that the kit itself contributes to the practice of taking contact databases without consent. The kit, technologically speaking, makes that practice possible, but it also allows for developers to ask for permission first, rendering the tool "neutral" in nature.
That passage from Folgelstrom is dicta, and the Court has been unable to locate any other decision that has applied the limitation; it was not relied upon, for example, in iPhone II. Moreover, unlike the Folgelstrom court, this Court has been able to locate cases which impose liability without an allegation of highly offensive use. For example, in Sanchez-Scott v. Alza Pharm., 86 Cal.App.4th 365, 377-78, 103 Cal.Rptr.2d 410 (2001), a patient adequately stated an intrusion upon seclusion claim where her doctor performed a breast examination in front of a pharmaceutical salesperson without revealing that the salesperson was not a medical professional. In that case, no "highly offensive use" was at issue, only the highly offensive manner in which the privacy interest was invaded.
The Restatement also expressly disavows any such limitation. See Rest. (2d) of Torts § 652B, Comment b ("The intrusion itself makes the defendant subject to liability, even though there is no publication or other use of any kind of the photograph or information outlined.") (emphasis added).
As for the choice-of-law analysis, the parties agree that the California and Texas UFTA statutes do not conflict. Consequently, the Court will analyze California's UFTA.
Rest. (2d) of Torts, § 876 (1977).