Hernandez v. Path, Inc., No. 3:2012cv01515 - Document 91 (N.D. Cal. 2014)

Court Description: ORDER GRANTING IN PART AND DENYING IN PART DEFENDANTS' MOTIONS TO DISMISS by Judge Jon S. Tigar in case 3:12-cv-01529-JST; granting in part and denying in part (393) Motion to Dismiss; granting in part and denying in part (394) Motion to Dismiss; granting in part and denying in part (395) Motion to Dismiss; granting in part and denying in part (396) Motion to Dismiss in case 3:13-cv-00453-JST. (wsn, COURT STAFF) (Filed on 5/14/2014)
Download PDF
Hernandez v. Path, Inc. Doc. 91 1 2 3 UNITED STATES DISTRICT COURT 4 NORTHERN DISTRICT OF CALIFORNIA 5 6 7 MARC OPPERMAN, et al., Case No. 13-cv-00453-JST Plaintiffs, 8 v. 9 10 PATH, INC., et al., Defendants. United States District Court Northern District of California 11 12 13 14 ORDER GRANTING IN PART AND DENYING IN PART DEFENDANTS’ MOTIONS TO DISMISS Re: ECF Nos. 393, 394, 395, 396 15 16 THIS DOCUMENT RELATES TO ALL CASES 17 18 19 20 21 22 23 24 25 26 27 28 Dockets.Justia.com 1 2 I. Background ........................................................................................................................... 1 3 A. The App Store ........................................................................................................... 3 4 B. The Subject Apps ...................................................................................................... 5 5 C. Apple’s Representations ............................................................................................ 7 II. Legal Standards ..................................................................................................................... 8 III. 6 Apple’s Motion to Dismiss ................................................................................................. 10 7 A. Article III Standing.................................................................................................. 10 B. Communications Decency Act ................................................................................ 18 9 C. Misrepresentation Claims ........................................................................................ 23 10 D. California Comprehensive Computer Data Access and Fraud Act ......................... 34 11 E. Strict Products Liability: Design Defect and Failure to Warn ................................ 36 F. Negligence ............................................................................................................... 37 G. RICO ....................................................................................................................... 37 H. Aiding and Abetting ................................................................................................ 37 United States District Court Northern District of California 8 12 13 14 IV. App Defendants’ Motions to Dismiss ................................................................................. 38 15 A. Article III Standing.................................................................................................. 38 16 B. Plaintiffs' UCL Claims ............................................................................................ 41 17 C. Invasion of Privacy: Intrusion Upon Seclusion....................................................... 41 D. Invasion of Privacy: Public Disclosure of Private Facts ......................................... 47 E. CDAFA and Computer Fraud and Abuse Act ........................................................ 48 F. Electronic Communications Privacy Act ................................................................ 48 G. Texas and California Wiretap Statutes .................................................................... 49 21 H. Texas Theft Liability Act ........................................................................................ 50 22 I. RICO and Vicarious Liability ................................................................................. 50 18 19 20 23 V. Facebook and Gowalla’s Motion to Dismiss ...................................................................... 50 A. 26 27 28 VI. Successor Liability .................................................................................................. 53 C. 25 Uniform Fraudulent Transfer Act............................................................................ 51 B. 24 Aiding and Abetting ................................................................................................ 54 Conclusion ........................................................................................................................... 55 Before the Court are four motions to dismiss filed by Defendants in this action. The 1 2 operative Consolidated Amended Class Action Complaint (“CAC”), ECF No. 362, collects the 3 claims of fifteen plaintiffs1 in four related actions against a total of fifteen Defendants. Defendant 4 Apple Inc. designs and manufactures the iPhone, the iPod touch, and the iPad, (“iDevices”), each 5 of which is a mobile device that can wirelessly access the Internet. Since 2008, those devices have 6 included an App Store, which enables users to download software, or apps, to their devices created 7 by third parties. Each Defendant except for Apple is an app developer2 (collectively, “App 8 Defendants”). Plaintiffs allege that the App Defendants’ apps have been surreptitiously stealing 9 and disseminating the contact information stored by customers on Apple devices. CAC ¶ 7. 10 I. BACKGROUND United States District Court Northern District of California 11 Plaintiffs bring this action on their own behalf, on behalf of an “iDevice Class,” composed 12 of all purchasers of Apple’s iDevices between July 10, 2008 and the present who downloaded the 13 App Defendants’ apps, and on behalf of three subclasses: the “Malware Subclass,” the “Address 14 Book Subclass,” and the “Texas Subclass.” CAC ¶ 48. The Malware Subclass comprises those 15 who downloaded the subject apps. The Address Book Subclass comprises those in the Malware 16 Subclass whose iDevice, without requesting prior approval, “transmitted, disclosed, and/or 17 disseminated the iDevice’s mobile address book (or substantial portions thereof) over the Internet 18 and/or to third-parties” due to the subject apps. The CAC asserts several overlapping claims against different Defendants on behalf of 19 20 different Plaintiffs. In total, the CAC asserts the following statutory claims: violation of 21 California’s Unfair Competition Law (“UCL”), Cal. Bus. & Prof.s Code § 17200, et seq.; violation 22 23 24 25 26 27 28 1 The sixteenth Plaintiff, Haig Arabian, has voluntarily dismissed his claims. ECF No. 426. The remaining Plaintiffs are Alan Beuershasen, Giuli Biondi, Lauren Carter, Steve Dean, Stephanie Dennis-Cooley, Jason Green, Claire Hodgins, Gentry Hoffman, Rachelle King, Nirali Mandaywala, Claire Moses, Judy Paul, Maria Pirozzi, Theda Sandiford and Greg Varner. 2 The App Defendants are: Chillingo Ltd. (Angry Birds and Cut the Rope), Electronic Arts, Inc., Facebook, Inc., Foodspotting, Inc., Foursquare Labs, Inc., Gowalla, Inc., Hipster, Inc., Instagram, Inc., Kik Interactive, Inc., Path, Inc., Rovio Entertainment, Ltd. (Angry Birds Classic), Twitter, Inc., Yelp!, Inc., and ZeptoLab UK Ltd. (Cut the Rope). 1 1 of California’s False and Misleading Advertising Law (“FAL”), Cal. Bus. & Prof.s Code § 17500, 2 et seq.; violation of California’s Consumer Legal Remedies Act (“CLRA”), Cal. Civ. Code § 3 1750, et seq.; violation of the California Comprehensive Computer Data Access and Fraud Act 4 (“CDAFA”), Cal. Pen. Code § 502; violation of California’s Wiretap / Invasion of Privacy Act, 5 Cal. Pen. Code § 630, et seq.; violation of the Uniform Fraudulent Transfer Act, Cal. Civ. Code § 6 3439; violation of the Texas Wiretap Acts, Tex. Code Crim. P. art. 18.20, § 1(3) and Tex. Pen. 7 Code § 16.02(a); violation of the Texas Theft Liability Act, Tex. Pen. Code § 31.03; violation of 8 the federal Computer Fraud & Abuse Act, 18 U.S.C. § 1030; violation of the Electronic 9 Communications Privacy Act (“ECPA”), 18 U.S.C. § 2510; and violation of Racketeer Influenced and Corrupt Organizations Act (“RICO”), 18 U.S.C. § 1961–1964. In addition, Plaintiffs assert 11 United States District Court Northern District of California 10 common law claims for negligent misrepresentation, invasion of privacy (intrusion upon seclusion 12 and public disclosure of private facts), conversion, trespass to personal property and/or chattel, 13 misappropriation, strict product liability (design defect and failure to warn), negligence, and 14 secondary and vicarious liability.3 The following chart shows which claims each Plaintiff asserts against each Defendant: 15 16 17 18 19 20 21 22 23 1 2 3 Cause of Action UCL UCL UCL 4 5 6 7 8 9 FAL FAL CLRA CLRA Negligent Misrepresentation Negligent Misrepresentation On Behalf of All Plaintiffs Opperman Plaintiffs Plaintiffs Except Pirozzi All Plaintiffs Opperman Plaintiffs All Plaintiffs Opperman Plaintiffs All Plaintiffs Opperman Plaintiffs Against Apple Apple App Defendants Apple Apple Apple Apple Apple Apple 24 25 26 27 28 3 Plaintiffs, Apple, and the App Defendants discuss California and Texas common law interchangeably without explanation, often pointing out that both states’ common law is identical with respect to the issues presented by Defendants’ motions to dismiss. The Court has not identified any differences between Texas and California common law on the issues addressed in this Order, and therefore, for the sake of convenience, discusses only California law. 2 1 2 Cause of Action 10 CDAFA 3 11 CFAA 4 12 ECPA 5 13 Wiretap/Invasion of Privacy Act 6 7 8 9 10 United States District Court Northern District of California 11 12 13 14 15 16 17 14 15 16 17 Trespass to Property Texas Theft Liability Act Misappropriation Strict Products Liability: Design Defect 22 Strict Products Liability: Failure to Warn 23 Negligence 18 19 20 21 24 Uniform Fraudulent Transfer Act 25 RICO 26 Secondary and Vicarious Liability Texas Plaintiffs5 Opperman Plaintiffs Opperman Plaintiffs Plaintiffs Except Pirozzi Opperman Plaintiffs Texas Plaintiffs Opperman Plaintiffs Opperman Plaintiffs Against All Defendants App Defendants App Defendants Foodspotting, Instagram, Path, Twitter, and Yelp App Defendants App Defendants App Defendants All Defendants All Defendants App Defendants App Defendants Apple Opperman Plaintiffs Apple Plaintiffs Except Pirozzi Gowalla Plaintiffs Opperman Plaintiffs Opperman Plaintiffs All Defendants Gowalla and Facebook All Defendants All Defendants The following summary of Plaintiffs’ allegations is taken from the complaint. As it must, 18 19 Texas Wiretap Acts Intrusion Upon Seclusion Public Disclosure of Private Facts Conversion On Behalf of Plaintiffs Except Pirozzi Plaintiffs Except Pirozzi Plaintiffs Except Pirozzi CAD Plaintiffs4 the Court accepts the CAC’s allegations as true for purposes of this motion. 20 A. The App Store 21 Apple launched the App Store in 2008, and heavily promoted it in conjunction with its 22 iDevices. CAC ¶ 57. The promotion was successful: the App Store today has over 700,000 apps 23 for iPhone and iPod touch, and 275,000 apps for the iPad. Since 2008, customers have 24 downloaded over forty billion apps. Id. Apple maintains “exclusive domain” and “ultimate control” over the App Store’s 25 26 27 “CAD” Plaintiffs are those who downloaded apps from Foodspotting, Instagram, Path, Twitter, and Yelp. 28 5 4 The Texas Plaintiffs are Beuershasen, Biondi, Dean, Hodgins, Hoffman, King, and Varner. 3 1 offerings. iDevices are designed only to accept apps from the App Store, and Apple decides 2 which apps will be offered, and which will not. CAC ¶ 60. iDevices also come with pre- 3 programmed apps built into the device’s operating system. Among those apps is Apple’s 4 “Contacts” app — a virtual address book. The App Store is another one. CAC ¶ 61. Neither of 5 these built-in apps can be removed by the user. 6 “Apple claims to review each application before offering it to its users, purports to have implemented apps privacy standards, and claims to have created a strong privacy protection for its 8 customers.” CAC ¶ 62. However, some apps offered on the App Store are alleged to have 9 accessed and uploaded information from customers’ iDevices without their knowledge, including 10 contact information. Plaintiffs allege that Apple has failed to safeguard the App Store from such 11 United States District Court Northern District of California 7 apps, while representing to the public that Apple’s products are “safe and secure.” CAC ¶ 64. 12 Apple is “notorious for complete control over its products.” CAC ¶ 87. App developers 13 must submit their apps to Apple for review, and Apple decides whether to offer them on the App 14 Store. To be eligible for inclusion, third-party app developers must register with Apple and agree 15 to the iOS Developer Agreement (“IDA”) and the Program License Agreement (“PLA”), as well 16 as pay a yearly registration fee. CAC ¶ 87–89. Apple reserves the right to reject apps for any 17 reason, and has explicitly reserved the right to reject apps that breach the licensing agreements, 18 provide Apple with inaccurate documents or information, or violate, misappropriate, or infringe 19 the rights of a third party. CAC ¶ 90. After joining the program, app developers use Apple’s 20 software development kit (“SDK”), which provides guidelines and tools for app development. 21 CAC ¶ 91. 22 The App Store Review Guidelines prohibit the transmission of user data without prior 23 permission. CAC ¶¶ 101, 104. However, Plaintiffs allege that Apple’s “iOS Human Interface 24 Guidelines” encourage data theft. The guidelines are meant to guide developers as they create 25 apps for the App Store. Apple tells developers, “don’t force people to give you information you 26 can easily find for yourself, such as their contacts or calendar information,” and “[i]f possible, 27 avoid requiring users to indicate their agreement to your [end user license agreement] when they 28 first start your application. Without an agreement displayed, users can enjoy your application 4 1 2 without delay.” CAC ¶ 212 (emphasis omitted). Plaintiffs allege that “Apple taught Program registrants’ to incorporate forbidden data 3 harvesting functionalities — even for private “contacts” — into their Apps and encouraged 4 Program registrants to design those functions to operate in non-discernible manners that would not 5 be noticed by the iDevice owner. These App Defendants, apparently in accord with Apple’s 6 instructions, did just that with their identified Apps.” CAC ¶ 214. 7 Similarly, Plaintiffs allege: “Apple’s Program tutorials and developer sites [] teach 8 Program registrants how to code and build apps that non-consensually access, manipulate, alter, 9 use and upload the mobile address books maintained on Apple iDevices.” CAC ¶ 190. B. 11 United States District Court Northern District of California 10 Plaintiffs allege that each of the App Defendants developed an app that copied iDevice The Subject Apps 12 users’ contact information without the user’s consent. In February 2012, it was revealed that App 13 Defendant Path’s app, also called “Path,” was uploading users’ contacts and calendar information 14 to its servers without users’ knowledge. Path’s CEO publicly apologized after the practice was 15 made public. CAC ¶ 110. 16 Plaintiffs allege that several popular apps, including those designed by each App 17 Defendant, have accessed and uploaded user data without consent. In some of these cases, the 18 apps accessed user data without any prompt at all. See CAC ¶¶ 112, 136. Path is one such app. 19 In other cases, the apps “surreptitiously accessed and uploaded information from users’ Contacts 20 app through a ‘Find Friends’ feature without disclosing to users that the feature would leave their 21 private information vulnerable to unauthorized download by the third-party app manufacturer.” 22 CAC ¶ 108. 23 The public revelations concerning third parties’ access to users’ private information led 24 Congressmen Waxman and Butterfield to write to Apple and to thirty-four app publishers in 25 February and March of 2012, asking for more information about the practice. CAC ¶¶ 115–17 26 The February letter to Apple noted that Apple’s website at that time represented that 27 iDevice apps “have access to a device’s global data such as contacts in the Address Book,” while 28 Apple’s review guidelines required app developers to gain users’ permission prior to transmitting 5 1 data about a user. CAC ¶ 115. The letter continues: 2 In spite of this guidance, claims have been made that “there’s a quiet understanding among many iOS app developers that it is acceptable to send a user’s entire address book, without their permission, to remote servers and then store it for future reference. It’s common practice, and many companies likely have your address book stored in their database.” One blogger claims to have conducted a survey of developers of popular iOS apps and found that 13 of 15 had a “contacts database with millions of records” — with one claiming to have a database containing “Mark Zuckerberg’s cell phone number, Larry Ellison’s home phone number and Bill Gates’ cell phone number. 3 4 5 6 7 8 9 Id. In March 2012, Senator Schumer called for an investigation by the Federal Trade Commission. CAC ¶ 118. In September 2012, Apple released iOS 6, which updated privacy 11 settings on iDevices in a manner that discloses which apps access users’ contacts, calendars, 12 reminders, photos, and other personal information, and allows users a way to prevent certain apps 13 from accessing certain information. CAC ¶ 120. 14 15 The following chart outlines the apps each Plaintiff alleges he or she downloaded and deployed: 16 28 Yelp! 27 X Twitter 26 X X Path 25 Kik Messenger 24 X Instagram 23 X Hipster 22 Gowalla 21 X X Foursquare 20 Plaintiff Alan Beuershasen Giuli Biondi Lauren Carter Steve Dean Stephanie Dennis-Cooley Jason Green Claire Hodgins Gentry Hoffman Rachelle King Nirali Mandaywala Claire Moses Judy Paul Maria Pirozzi Theda Sandiford Greg Varner Foodspotting 19 Cut The Rope 18 Angry Birds Classic 17 Angry Birds United States District Court Northern District of California 10 X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X 6 X X X X X X X X 1 2 3 4 5 C. Apple’s Representations Plaintiffs allege that “Apple has repeatedly represented that Apple’s products are safe and secure, and that private information could not be accessed by third-party apps without the user’s express consent.” CAC ¶ 64. Throughout the CAC, Plaintiffs identify representations Apple has made on its website, in in-store advertisements, and otherwise, to the effect that iOS is “highly secure,” sometimes in particular with respect to the accessing of data by apps from other apps. 6 See CAC ¶¶ 102–04, 121–123. 7 8 9 For example, when the App Store first launched, Apple’s former CEO Steve Jobs explained, “[t]here are going to be some apps that we’re not going to distribute. Porn, malicious apps, apps that invade your privacy.” CAC ¶ 92. Plaintiffs allege that Apple repeated this refrain 10 continuously during the launch of the App Store, and publicly took action consistent with these United States District Court Northern District of California 11 12 goals. See CAC ¶¶ 93–98. In October 2007, Jobs stated: “It will take until February to release an SDK because we’re trying to do two diametrically opposed things at once — provide an advanced 13 and open platform to developers while at the same time protect iPhone users from viruses, 14 malware, privacy attacks, etc. As our phones become more powerful, these malicious programs 15 16 17 18 19 will become more dangerous.” CAC ¶ 94. At an SDK press conference on March 6, 2008, Jobs repeated that Apple would place limitations on third party apps for “malicious” and “illegal” content in order to address “privacy” concerns. CAC ¶ 93. Apple also “famously refused to integrate Adobe Flash technology” despite user demands. Jobs explained in April 2010 that this decision was made “because of reliability, security, and performance concerns.” CAC ¶ 97. “In 20 sum, Apple has attempted to cultivate a perception that its products are safe and that Apple strives 21 22 23 24 25 26 27 to protect users.” CAC ¶ 99. In September 2011, Apple’s website stated that “iOS 4 is highly secure from the moment you turn on your iPhone. All apps run in a safe environment, so a website or app can’t access data from other apps.” CAC ¶ 102. Apple also assured consumers that, for data-security purposes, “Applications on the device are ‘sandboxed’ so they cannot access data stored by other applications.” CAC ¶ 209. Apple’s “customer privacy policy” states that Apple takes “precautions — including 28 7 1 administrative, technical, and physical measures — to safeguard your personal information against 2 loss, theft, and misuse, as well as against unauthorized access, disclosure, alteration, and 3 destruction.” CAC ¶ 122. Plaintiffs further allege that “[f]rom 2008 to the present, the highest levels of Apple (from 4 5 its founder to its current CEO to its corporate spokespersons) have so consistently expressed 6 publicly that Apple protects its customers’ and iDevice owners’ security and privacy that — 7 though inaccurate — it is ingrained into the image of Apple’s culture, products and offerings as 8 well as in the minds of customers.” CAC ¶ 211. Plaintiffs allege they saw and relied on Apple’s website, in-store advertisements, and 9 television advertising in purchasing their iDevices, and that they would have paid less for their 11 United States District Court Northern District of California 10 devices, or not purchased them at all, had they known they were vulnerable to privacy attacks. 12 See CAC ¶ 125–26. 13 II. LEGAL STANDARDS On a motion to dismiss, the Court accepts the material facts alleged in the complaint, 14 15 together with all reasonable inferences to be drawn from those facts, as true. Navarro v. Block, 16 250 F.3d 729, 732 (9th Cir. 2001). However, “the tenet that a court must accept a complaint’s 17 allegations as true is inapplicable to threadbare recitals of a cause of action’s elements, supported 18 by mere conclusory statements.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). To be entitled to 19 the presumption of truth, a complaint’s allegations “must contain sufficient allegations of 20 underlying facts to give fair notice and to enable the opposing party to defend itself effectively.” 21 Starr v. Baca, 652 F.3d 1202, 1216 (9th Cir. 2011), cert. den’d, --- U.S. ----, 132 S.Ct. 2101 22 (2012). 23 To survive a motion to dismiss, a plaintiff must plead “enough facts to state a claim to 24 relief that is plausible on its face.” Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 570 (2007). 25 Plausibility does not mean probability, but it requires “more than a sheer possibility that a 26 defendant has acted unlawfully.” Iqbal, 556 U.S. at 687. “A claim has facial plausibility when the 27 plaintiff pleads factual content that allows the court to draw the reasonable inference that the 28 defendant is liable for the misconduct alleged.” Id. In the Ninth Circuit, “[i]f there are two 8 1 alternative explanations, one advanced by defendant and the other advanced by plaintiff, both of 2 which are plausible, plaintiff’s complaint survives a motion to dismiss under Rule 12(b)(6). 3 Plaintiff’s complaint may be dismissed only when defendant’s plausible alternative explanation is 4 so convincing that plaintiff’s explanation is implausible.” Starr, 652 F.3d at 1216 (original 5 emphasis). 6 In addition, fraud claims are subject to a heightened pleading standard. “In alleging fraud 7 or mistake, a party must state with particularity the circumstances constituting fraud or mistake.” 8 Fed. R. Civ. P. 9(b). The allegations must be specific enough to give a defendant notice of the 9 particular misconduct alleged to constitute the fraud such that the defendant may defend against the charge. Semegen v. Weidner, 780 F.2d 727, 731 (9th Cir. 1985). In general, allegations 11 United States District Court Northern District of California 10 sounding in fraud must contain “an account of the time, place, and specific content of the false 12 representations as well as the identities of the parties to the misrepresentations.” Swartz v. KPMG 13 LLP, 476 F.3d 756, 765 (9th Cir. 2007). However, “[m]alice, intent, knowledge, and other 14 conditions of a person's mind may be alleged generally.” Fed. R. Civ. P. 9(b). 15 Finally, a “Rule 12(b)(1) jurisdictional attack may be facial or factual. In a facial attack, 16 the challenger asserts that the allegations contained in a complaint are insufficient on their face to 17 invoke federal jurisdiction. By contrast, in a factual attack, the challenger disputes the truth of the 18 allegations that, by themselves, would otherwise invoke federal jurisdiction.” Safe Air for 19 Everyone v. Meyer, 373 F.3d 1035, 1039 (9th Cir. 2004) (citation omitted). In resolving a facial 20 attack, courts assume that the allegations are true, and draw all reasonable inferences in the 21 plaintiff’s favor. Wolfe v. Strankman, 392 F.3d 358, 362 (9th Cir. 2004) (citations omitted). “In 22 resolving a factual attack on jurisdiction, the district court may review evidence beyond the 23 complaint without converting the motion to dismiss into a motion for summary judgment. The 24 court need not presume the truthfulness of the plaintiff’s allegations. Once the moving party has 25 converted the motion to dismiss into a factual motion by presenting affidavits or other evidence 26 properly brought before the court, the party opposing the motion must furnish affidavits or other 27 evidence necessary to satisfy its burden of establishing subject matter jurisdiction.” Safe Air, 373 28 F.3d at 1039 (citations omitted). 9 1 2 III. APPLE’S MOTION TO DISMISS Apple moves to dismiss all of Plaintiffs’ claims on Article III standing grounds, as well as each of Plaintiffs’ substantive claims for failure to state a claim upon which relief can be granted. 3 Because Article III standing is a threshold jurisdictional question, the Court will first address 4 Apple’s Rule 12(b)(1) motion to dismiss on the grounds that Plaintiffs lack Article III standing. 5 See Steel Co. v. Citizens for a Better Env., 523 U.S. 83, 94 (1998). 6 7 A. Article III Standing 1. 8 Legal Standards To establish Article III standing, a plaintiff in federal court must meet three requirements. 9 First, the plaintiff must have suffered an “injury in fact” — an invasion of a legally protected 10 interest which is (a) concrete and particularized and (b) actual or imminent, not conjectural or 11 United States District Court Northern District of California hypothetical. Second, there must be a causal connection between the injury and the conduct 12 complained of — the injury has to be fairly traceable to the challenged action of the defendant, 13 and not the result of the independent action of some third party not before the court. Third, it must 14 be likely, as opposed to merely speculative, that the injury will be redressed by a favorable 15 decision. Lujan v. Defenders of Wildlife, 504 U.S. 555, 560–61 (1992). 16 The standing requirements are not pleading requirements. Rather, “each element must be 17 supported in the same way as any other matter on which the plaintiff bears the burden of proof, 18 19 20 i.e., with the manner and degree of evidence required at the successive stages of the litigation.” Id. at 561. Nevertheless, “[a]t the pleading stage, general factual allegations of injury resulting from the defendant’s conduct may suffice.” Id. A “court’s obligation to take a plaintiff at its word at 21 that stage in connection with Article III standing issues is primarily directed at the injury in fact 22 23 and causation issues, not redressability.” Levine v. Vilsack, 587 F.3d 986, 996–97 (9th Cir. 2009) (citing Lujan, 504 U.S. at 561). “[I]t is within the trial court's power to allow or to require the 24 plaintiff to supply, by amendment to the complaint or by affidavits, further particularized 25 allegations of fact deemed supportive of plaintiff's standing.” Warth v. Seldin, 422 U.S. 490, 501– 26 02 (1975). 27 In addition, even when a plaintiff is able to establish Article III standing, prudential 28 10 1 considerations may preclude the exercise of federal jurisdiction. A plaintiff’s claim must fall 2 within the “zone of interests” sought to be protected by the statute or constitutional provision in 3 question. Bond v. United States, ___ U.S. ____, 131 S. Ct. 2355, 2366–67 (2011). That claim 4 must be based on the plaintiff’s own legal rights and interests rather than the legal rights or 5 interests of third parties. Elk Grove Unified School Dist. v. Newdow, 542 US 1, 15 n.7 (2004). 6 And the injury must be individualized, or confined to a discrete group; courts will not adjudicate 7 “‘abstract questions of wide public significance’” amounting only to “‘generalized grievances.’” 8 Valley Forge Christian College v. Americans United for Separation of Church & State, Inc., 454 9 U.S. 464, 474–75 (1982) (quoting Warth, 422 U.S. at 499–50). Finally, in a class action, it is not sufficient for any named plaintiff to rely on the injuries 11 United States District Court Northern District of California 10 suffered by the class to satisfy Article III standing requirements; each named plaintiff must meet 12 the standing requirements, including satisfactorily alleging that each named plaintiff suffered 13 “non-speculative injury.” Lierboe v. State Farm Mut. Auto. Ins. Co., 350 F.3d 1018, 1022 (9th 14 Cir. 2003). 15 2. Injury-in-Fact and Causation Despite the presence of fifteen named Plaintiffs and fifteen Defendants, and the assertion 16 17 of twenty-six causes of action, Plaintiffs’ case is rather simple. Plaintiffs allege that Apple sold 18 them devices that made it possible for third parties to access and copy Plaintiffs’ address books 19 without their knowledge. Plaintiffs allege, with respect to Apple, that they suffered injury in the 20 form of having overpaid for their iDevices, because they would have paid less for their devices, or 21 not purchased them at all, if Apple had disclosed that it had failed adequately to secure the devices 22 from the alleged intrusion. In denying Apple’s second motion to dismiss Plaintiff Pirozzi’s6 claims on standing 23 24 grounds, this Court observed that her alleged overpayment injury satisfied Article III’s injury-in- 25 fact requirement because “palpable economic injuries have long been recognized as sufficient to 26 lay the basis for standing.” Sierra Club v. Morton, 405 U.S. 727, 733–34 (1972); see also Comm. 27 Pirozzi’s action was related to the above-captioned action, and her claims are now grouped in the CAC with the claims of the other fourteen Plaintiffs. 11 6 28 1 v. Reno, 98 F.3d 1121, 1130 (9th Cir. 1996) (“Economic injury is clearly a sufficient basis for 2 standing.”). See Pirozzi v. Apple, Inc., No. 12-cv-01529-JST, ___ F. Supp. 2d ____, 2013 WL 3 4029067, at *4 (N.D. Cal. Aug. 5, 2013) (“Pirozzi II”). Judge Gonzalez Rogers previously 4 reached the same conclusion. See Pirozzi v. Apple, Inc., No. 12-cv-1529-YGR, 913 F. Supp. 2d 5 840, 847 (N.D. Cal. Dec. 20, 2012) (“Pirozzi I”) (“Apple's arguments misconstrue the nature of 6 Plaintiff's allegations . . . . Overpaying for goods or purchasing goods a person otherwise would 7 not have purchased based upon alleged misrepresentations by the manufacturer would satisfy the 8 injury-in-fact and causation requirements for Article III standing.”). 9 Nevertheless, Apple argues that Plaintiffs have not satisfied the causation requirement because no Plaintiff has identified the specific representations made by Apple that form the basis 11 United States District Court Northern District of California 10 of their overpayment theory of liability. The CAC makes the following allegations concerning 12 Apple’s alleged misrepresentations and Plaintiffs’ reliance: 13 [E]ach Plaintiff viewed Apple’s online, in-store, and/or television advertisements. In addition, each Plaintiff relied on Apple’s reputation for safety, cultivated through Apple’s extensive marketing and advertising campaigns. Each Plaintiff purchased an iDevice with the expectation that (i) it would come with a fully functioning App Store, and (ii) that Plaintiff would be able to utilize the “Contacts” function and iDevice apps from the App Store without compromising the security, safety, or control of Plaintiff’s iDevice, mobile address book, or other personal and private information. Indeed, each Plaintiff purchased an iDevice with the expectation that he or she would maintain a mobile address book and receive and use additional add-on apps on his or her iDevice. Had any Plaintiff known that iDevices lacked promised features or that Apple designed the iDevices with known vulnerabilities to unauthorized operations from Apple-issued [third-party] apps, Plaintiffs would not have accepted add-on apps from Apple or the App Store and would have paid less for his or her iDevice. At no time prior to the purchase of Plaintiffs’ iDevice did Apple warn any Plaintiff that the iDevice and its data — particularly the Contacts feature and mobile address book — were vulnerable to unauthorized control and dissemination by third-parties. 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 CAC ¶ 32. Apple’s standing argument fails to appreciate that “the threshold question of whether plaintiff has standing (and the court has jurisdiction) is distinct from the merits of his claim. 12 Rather, ‘[t]he jurisdictional question of standing precedes, and does not require, analysis of the 2 merits.’” Maya v. Centex Corp., 658 F.3d 1060, 1068 (9th Cir. 2011) (quoting Equity Lifestyle 3 Props., Inc. v. Cnty. of San Luis Obispo, 548 F.3d 1184, 1189 n.10 (9th Cir. 2008)). In other 4 words, it is possible that Plaintiffs may file a civil action “‘without suffering dismissal for want of 5 standing to sue,’” even though they are “[un]able to assert a cause of action successfully.”7 In re 6 Facebook Privacy Litig., 791 F. Supp. 2d 705, 712 n.5 (N.D. Cal. 2011) (quoting Doe v. Chao, 7 540 U.S. 614, 624–25 (2004)). See also Warth, 422 U.S. at 500 (standing “in no way depends on 8 the merits of the [ ] contention that particular conduct is illegal.”); Catholic League for Religious 9 and Civil Rights v. City & Cnty. of San Francisco, 624 F.3d 1043, 1049 (9th Cir. 2010) (en banc) 10 (standing analysis may not “be used to disguise merits analysis, which determines whether a claim 11 United States District Court Northern District of California 1 is one for which relief can be granted if factually true.”). For the Court to have jurisdiction over Plaintiffs’ claims, their alleged injury must be 12 13 “‘fairly traceable’” to Apple, and not the result of the “‘independent action of some third party not 14 before the court.’” Lujan v. Defenders of Wildlife, 504 U.S. 555, 560–61 (1992) (quoting Simon 15 v. Eastern Ky. Welfare Rights Organization, 426 U.S. 26, 41–42 (1976)). Plaintiffs’ claims meet 16 that requirement: Plaintiffs allege that Apple misled them through its advertising and failed to 17 disclose material information, that each Plaintiff relied on these misrepresentations or non- 18 disclosures, and that each Plaintiff overpayed for Apple’s products. The requirements to allege 19 standing are not the same as the requirements to plead injury under the substantive law. See Low 20 v. LinkedIn Corp., 900 F. Supp. 2d 1010, 1027 (N.D. Cal. 2012) (holding plaintiffs satisfied 21 Article III standing even though they had failed to allege reliance on particular representations, 22 23 24 25 26 27 28 Apple’s reliance on In re iPhone Application Litig. (“iPhone III”), No. 11-md-2250-LHK, ___ F. Supp. 2d ____, 2013 WL 6212591, at *8 (N.D. Cal. Nov. 25, 2013), underlines the importance of accounting for the stage of litigation at which the Court engages in the standing analysis. After sustaining the plaintiffs’ claims and finding they did not lack standing at the pleading stage, the court in iPhone III granted summary judgment on standing grounds because Apple adduced “specific facts” through discovery that established a lack of evidence of causation, fatally undermining the plaintiffs’ Article III standing. Here, Plaintiffs’ allegations are, at the pleading stage, sufficient to establish standing. That development of the factual record may one day dictate a different result does not alter the Court’s analysis now. 7 13 1 and even though their FAL claims were dismissed with prejudice on that basis).8 2 Plaintiffs are also independently able to establish standing through their statutory claims 3 because “[t]he injury required by Article III can exist solely by virtue of ‘statutes creating legal 4 rights, the invasion of which creates standing.’” Edwards v. First Am. Corp., 610 F.3d 514, 517 5 (9th Cir. 2010) (quoting Fulfillment Servs. Inc. v. United Parcel Serv., Inc., 528 F.3d 614, 618 6 (9th Cir. 2008)). See also Robins v. Spokeo, Inc., No. 11-56843, ___ F.3d ____, 2014 WL 7 407366, at *2–3 (9th Cir. Feb. 4, 2014) (“[T]he violation of a statutory right is usually a sufficient 8 injury in fact to confer standing.”). “The scope of the cause of action determines the scope of the 9 implied statutory right . . . . When, as here, the statutory cause of action does not require proof of actual damages, a plaintiff can suffer a violation of the statutory right without suffering actual 11 United States District Court Northern District of California 10 damages.” Id. (citation omitted). Apple does not respond to this argument, other than to argue 12 that Plaintiffs cannot establish those substantive claims. Apple makes several more arguments concerning the merits of Plaintiffs’ claims, including 13 14 that Plaintiffs have failed to allege their address books were actually uploaded,9 and that Apple is 15 not responsible for the App Defendants’ conduct. None of these arguments affect the Court’s 16 standing analysis and are better left to the question of whether Plaintiffs have failed to state a 17 claim upon which relief can be granted. 18 19 20 21 22 23 24 There is further support in the CAC for Plaintiffs’ standing. Plaintiffs allege that Apple contributed to the theft of address books through its review of App Store submissions, its App Store review guidelines, its software development kit, other sources of guidance Apple makes available to app developers, and through its failure to catch the offending features contained in the apps implicated in this suit. Plaintiffs also assert product liability claims against Apple for its design of iDevices, and for its failure to warn consumers of their alleged defects. Again, the Court notes that the question of whether these allegations suffice to establish any of Plaintiffs’ claims against Apple is separate from the question of whether these allegations are sufficient to invoke the Court’s subject matter jurisdiction. 8 9 25 26 27 28 In fact, the CAC alleges that apps designed by each App Defendant were downloaded by at least one Plaintiff, and that each of those apps has been shown to upload users’ address books without consent after a known set of steps is taken by the user. That Plaintiffs do not allege that their information was, in fact, uploaded is not surprising, since only discovery will reveal whether and how the allegedly widespread practice affected each Plaintiff. But Plaintiffs plausibly allege that they “unwittingly took those steps . . . needed to unwittingly trigger the unnoticeable transmission of their mobile address books.” CAC ¶ 139. 14 1 Finally, relying on In re LinkedIn User Privacy Litig., 932 F. Supp. 2d 1089, 1094 (N.D. 2 Cal. 2013), Apple argues that an overpayment claim cannot survive without an allegation of 3 “something more” than overpaying for a defective product, such as an allegation that the address 4 books were actually stolen. In LinkedIn, the court held that, “in cases where the alleged wrong 5 stems from allegations about insufficient performance or how a product functions, courts have 6 required plaintiffs to allege ‘something more’ than ‘overpaying for a “defective” product.’” In re 7 LinkedIn User Privacy Litig., 932 F. Supp. 2d 1089, 1094 (N.D. Cal. 2013) (citing In re Toyota 8 Motor Corp., 790 F.Supp.2d 1152, 1165 n. 11 (C.D.Cal.2011)). 9 Apple misreads LinkedIn and the cases upon which the LinkedIn court relied. The deficiency in the LinkedIn plaintiffs’ standing was that they were pleading only a difference 11 United States District Court Northern District of California 10 between what they had been promised by LinkedIn and what they had received, i.e., a breach of 12 contract. In re LinkedIn User Privacy Litig., 932 F. Supp. 2d 1089, 1094 (N.D. Cal. 2013) 13 (“Plaintiffs cannot rely solely on the ‘benefit of the bargain’ theory of economic harm to 14 sufficiently meet the requirements for Article III standing”). They did not allege that they had 15 suffered any other separate injury. 16 More relevant here is the decision in In re Toyota Motor Corp., 790 F. Supp. 2d 1152, 17 1165 (C.D. Cal. 2011), on which the LinkedIn court relied. There, the plaintiffs alleged that they 18 relied on Toyota’s “advertisements for Toyota vehicles on television, in magazines, on billboards, 19 in brochures at the dealership, on the Internet, in newspapers, and on banners in front of the 20 dealership,” throughout which “safety and reliability” were a “consistent theme.” Id. at 1161. The 21 plaintiffs also alleged that, had Toyota disclosed the safety defect in its vehicles of which they 22 complained, they would not have purchased their vehicles, or would have paid less for them. 23 Relatedly, they alleged that their vehicles were worth less in the used car market as a consequence 24 of the public revelations concerning the safety defect. The Toyota Motors court rejected many of 25 the same standing arguments Apple advances here because “once the safety defect is sufficiently 26 and plausibly pled by all Plaintiffs, the economic losses resulting from the defect are readily 27 established: defective cars are simply not worth as much.” Id. at 1163. This was so even though 28 the defect had not manifested in all of the plaintiffs’ vehicles. As the Toyota Motors court 15 1 2 3 4 5 6 7 explained, When the economic loss is predicated solely on how a product functions, and the product has not malfunctioned, the Court agrees that something more is required than simply alleging an overpayment for a “defective” product . . . . [T]hat “something more” could be allegations based on market forces. It could also be based on sufficiently detailed, non-conclusory allegations of the product defect. Id. at 1165 n.11. Here, the Court finds that Plaintiffs’ allegations concerning the offending feature of the 8 product — design that enables third parties to take address book information without consent — 9 supply the “something more” that is required. Whether Plaintiffs’ product liability claims state a 10 claim upon which relief can be granted is a separate question the Court addresses below. United States District Court Northern District of California 11 Separately, Plaintiffs allege injury-in-fact to their property rights in their address books, as 12 distinct from the economic injury of overpayment for their iDevices, as support for their common 13 law conversion and trespass claims. The Court discusses this allegation in connection with the 14 App Defendants’ motion to dismiss in more detail infra, Part IV.A. For the reasons discussed in 15 that section, the Court finds that Plaintiffs lack Article III standing based on any injury to their 16 property rights in their address books. For this reason, the Court will dismiss Plaintiffs’ common 17 law claims against Apple for conversion and trespass. 18 3. Non-Resident Plaintiffs 19 Apple also argues that the non-resident Plaintiffs lack standing to assert California 20 statutory claims. That argument “conflate[s] two issues: the extraterritorial application of 21 California consumer protection laws (or the ability of a nonresident plaintiff to assert a claim 22 under California law), and choice-of-law analysis . . . .” Forcellati v. Hyland’s, Inc., 876 F. Supp. 23 2d 1155, 1160 (C.D. Cal. 2012). “Whether a nonresident plaintiff can assert a claim under 24 California law is a constitutional question based on whether California has sufficiently significant 25 contacts with the plaintiff's claims.” Id. (citing Mazza v. American Honda Motor Co., 666 F.3d 26 581, 589 (9th Cir. 2012)). In Mazza, for example, “California ha[d] a constitutionally sufficient 27 aggregation of contacts to the claims of each putative class member . . . because Honda's corporate 28 headquarters, the advertising agency that produced the allegedly fraudulent misrepresentations, 16 1 and one fifth of the proposed class members [were] located in California.” Mazza, 666 F.3d at 2 589. In Forcellati, the fact that the defendant was alleged to be headquartered in Los Angeles led 3 the court to conclude that “application of California law poses no constitutional concerns.” 4 Forcellati, 876 F. Supp. 2d at 1160. Apple’s arguments here were recently rejected by Judge Wilken in another case arising out 6 of Apple’s marketing activities. See In re iPhone 4S Consumer Litig., No. 12-cv-1127-CW, 2013 7 WL 3829653, at *7–8 (N.D. Cal. July 23, 2013). There, the plaintiffs “alleged that their injuries 8 were caused by Apple's wrongful conduct in false advertising that originated in California.” Id. at 9 *7. Judge Wilken noted that the presumption against the extraterritoriality of California law does 10 not apply where the misconduct occurs in California. See Wershba v. Apple Computer, Inc., 91 11 United States District Court Northern District of California 5 Cal. App. 4th 224, 243 (2001) (California statutes apply to “non-California members of a 12 nationwide class where the defendant is a California corporation and some or all of the challenged 13 conduct emanates from California.”). Judge Wilken also distinguished In re Apple & AT&T iPad 14 Unlimited Data Plan Litig., 802 F. Supp. 2d 1070, 1076 (N.D. Cal. 2011), upon which Apple also 15 relies here, because in that case, unlike here, a contractual choice-of-law clause selected the law of 16 each customer’s state of residence. The Court agrees with Judge Wilken’s careful analysis in the 17 iPhone 4S decision. 18 Apple relies heavily on Sullivan v. Oracle Corp., 51 Cal. 4th 1191, 1209 (2011), for 19 support. Sullivan concerned an overtime claim asserted under the unlawful prong of the UCL, the 20 predicate offense for which was a violation of the federal Fair Labor Standards Act (“FLSA”).10 21 The plaintiffs alleged that the employer had made the decision to mis-classify workers in 22 California. Noting that “the UCL reaches any unlawful business act or practice committed in 23 California,” the court found that “for an employer to adopt an erroneous classification policy is not 24 unlawful in the abstract.” Id. at 1208. Consequently, the court held that the UCL “does not apply 25 to overtime work performed outside California for a California-based employer by out-of-state 26 plaintiffs in the circumstances of this case based solely on the employer's failure to comply with 27 28 10 The Ninth Circuit had certified the question for the California Supreme Court to answer. 17 1 the overtime provisions of the FLSA.” Id. Thus, the California Supreme Court’s holding (1) did 2 not undermine the established presumption that nonresident plaintiffs may assert California claims 3 to address unlawful conduct committed in California by a California resident; and (2) was limited 4 to the FLSA overtime pay context because the work is “performed outside California.” Other 5 courts have come to the conclusion, as this Court does, that Sullivan provides no support for the 6 argument that a national class cannot assert California fraud claims against a California 7 corporation for its misleading marketing. See, e.g., Gross v. Symantec Corp., No. 12-cv-154- 8 CRB, 2012 WL 3116158, at *7 n.10 (N.D. Cal. July 31, 2012); Parkinson v. Hyundai Motor 9 America, 258 F.R.D. 580, 598 (C.D. Cal. 2008). 10 The Court notes that Apple has not argued that the Court should apply the law of each United States District Court Northern District of California 11 plaintiff’s home state to her claims, and the Court does not reach the question of whether it should. 12 The Court only concludes that it is constitutional for the nonresident Plaintiffs to assert California 13 statutory claims against Apple based on Apple’s conduct in California. For this reason, Apple’s 14 reliance on the choice-of-law analysis in In re Sony Gaming Networks & Customer Data Sec. 15 Breach Litig., 903 F. Supp. 2d 942 (S.D. Cal. 2012), and Frezza v. Google, Inc., No. 12-cv-237- 16 RMW, 2013 WL 1736788, at *5 (N.D. Cal. Apr. 22, 2013), is misplaced. The question of whether 17 the CAC presents a certifiable class under Mazza, and in particular, how a choice-of-law analysis 18 would affect class certification, is a question for another day. 19 B. 20 Apple moves to dismiss all of Plaintiffs’ claims against it, except those premised on Communications Decency Act 21 Apple’s alleged misrepresentations, on the ground that the Communications Decency Act 22 (“CDA”), 47 U.S.C. § 230, bars Plaintiffs’ claims. Section 230(c)(1) provides: “No provider or 23 user of an interactive computer service shall be treated as the publisher or speaker of any 24 information provided by another information content provider.” Section 230(c)(2) provides: 25 26 27 28 No provider or user of an interactive computer service shall be held liable on account of-(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or 18 1 2 3 4 5 6 7 8 9 10 United States District Court Northern District of California 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 otherwise objectionable, whether or not constitutionally protected; or such material is (B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in [section 230(c)(1)]. Pursuant to the Act, an “interactive computer service” is “any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server, including specifically a service or system that provides access to the Internet and such systems operated or services offered by libraries or educational institutions.” 47 U.S.C. § 230(f)(2). An “information content provider” is “any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service.” 47 U.S.C. § 230(f)(3). Congress enacted these provisions as part of the Communications Decency Act of 1996 “for two basic policy reasons: to promote the free exchange of information and ideas over the Internet and to encourage voluntary monitoring for offensive or obscene material. Carafano v. Metrosplash.com, Inc., 339 F.3d 1119, 1122 (9th Cir. 2003). “In light of these concerns, reviewing courts have treated § 230(c) immunity as quite robust, adopting a relatively expansive definition of ‘interactive computer service’ and a relatively restrictive definition of ‘information content provider.’ Under the statutory scheme, an ‘interactive computer service’ qualifies for immunity so long as it does not also function as an ‘information content provider’ for the portion of the statement or publication at issue.” Id. at 1123 (footnotes omitted). Nevertheless, neither section 230(c) nor any other subsection in the CDA “declares a general immunity from liability deriving from third-party content.” Barnes v. Yahoo!, Inc., 570 F.3d 1096, 1100 (9th Cir. 2009). Instead, to determine whether the CDA operates as a bar to civil liability, courts must determine whether “a plaintiff's theory of liability would treat a defendant as a publisher or speaker of third-party content.” Id. at 1101. “[W]hat matters is not the name of the cause of action — defamation versus negligence versus intentional infliction of emotional distress — what matters is whether the cause of action inherently requires the court to treat the defendant as the ‘publisher or speaker’ of content provided by another. To put it another way, courts must 28 19 1 ask whether the duty that the plaintiff alleges the defendant violated derives from the defendant's 2 status or conduct as a ‘publisher or speaker.’ If it does, section 230(c)(1) precludes liability.” Id. 3 at 1101–02. 4 Determining whether a defendant is a “publisher” requires further definition of that term. 5 The Ninth Circuit has held that “publication involves reviewing, editing, and deciding whether to 6 publish or to withdraw from publication third-party content.” Id. at 1102. “[A] publisher reviews 7 material submitted for publication, perhaps edits it for style or technical fluency, and then decides 8 whether to publish it.” Id. Despite Plaintiffs’ arguments to the contrary,11 “it is immaterial 9 whether this decision comes in the form of deciding what to publish in the first place or what to remove among the published material. This is particularly so in the context of the internet, where 11 United States District Court Northern District of California 10 material can be ‘posted’ and ‘unposted’ with ease.” Id. at 1102 n.8 (citing Batzel v. Smith, 333 12 F.3d 1018, 1032 (9th Cir. 2003)). Cf. Batzel v. Smith, 333 F.3d 1018, 1032 (9th Cir. 2003) (“A 13 distinction between removing an item once it has appeared on the Internet and screening before 14 publication cannot fly [].”). By contrast, the CDA does not bar claims against “information content providers.” An 15 16 entity “that is responsible, in whole or in part, for the creation or development” of the allegedly 17 offending information is not entitled to the CDA’s protection. “Development” refers “not merely 18 to augmenting the content generally, but to materially contributing to its alleged unlawfulness.” 19 Fair Hous. Council of San Fernando Valley v. Roommates.Com, LLC, 521 F.3d 1157, 1167–68 20 (9th Cir. 2008). Thus, “providing neutral tools to carry out what may be unlawful or illicit 21 searches does not amount to ‘development’ for purposes of the immunity exception.” Id. at 1169. 22 Nor does inoffensive editing for spelling errors, removing obscenity, or trimming for length. 23 However, “a website operator who edits in a manner that contributes to the alleged illegality — 24 such as by removing the word ‘not’ from a user's message reading ‘[Name] did not steal the 25 artwork’ in order to transform an innocent message into a libelous one — is directly involved in 26 the alleged illegality and thus not immune.” Id. 27 Plaintiffs argue that the CDA protects only an interactive computer service’s decision to exclude offensive content. 20 11 28 Prior to the relation of Plaintiff Pirozzi’s action against Apple to the above-captioned 1 2 Opperman action, Apple moved to dismiss Pirozzi’s claims pursuant to the same provisions of the 3 CDA. Judge Gonzalez Rogers denied Apple’s motion on two bases. First, she found that 4 Pirozzi’s fraud and misrepresentation claims against Apple arising out of Apple’s conduct or 5 failure to disclose were “not predicated solely upon Apple's approving and distributing Apps via 6 its online App Store.” Pirozzi v. Apple Inc., 913 F. Supp. 2d 840, 849 (N.D. Cal. 2012). Thus, 7 the CDA did not bar those claims. Second, the court held that it was premature to consider the 8 application of the CDA at the pleading stage based on the “scant record” then before the court 9 because “if Apple is responsible for the ‘creation or development of [the] information’ at issue, 10 then Apple functions as an ‘information content provider’ unprotected by the CDA.” Id. Here, Apple expressly excludes from its CDA argument any application to Plaintiffs’ fraud United States District Court Northern District of California 11 12 and misrepresentation claims, in recognition of Judge Gonzalez Rogers’ first conclusion. With 13 respect to her second conclusion, Apple argues that the CAC, which reproduces many of the 14 allegations in Pirozzi and supplements them with others, contains sufficient allegations from 15 which the Court can now conclude that the CDA bars the remainder of Plaintiffs’ claims against 16 Apple. Plaintiffs again maintain that resolution of the CDA issue must await a later stage of the 17 case. 18 The cases do not describe a one-size-fits all rule for when to apply the CDA. In some 19 cases the applicability of the CDA is “apparent from the face of the complaint”; in others, it is not. 20 Evans v. Hewlett-Packard Co., No. 13-cv-02477-WHA, 2013 WL 5594717, at *3 (N.D. Cal. Oct. 21 10, 2013) (quoting Goddard v. Google, Inc., 640 F. Supp. 2d 1193, 1200 n.5 (N.D. Cal. 2009)). 22 Here, the Court need not await further discovery before addressing Apple’s CDA argument, 23 because the CAC already pleads sufficient conduct to classify Apple as an “information content 24 provider” whose conduct is not protected by the CDA. 25 For example, Plaintiffs allege that Apple’s “iOS Human Interface Guidelines” encourage 26 data theft. The guidelines are meant to guide developers as they create apps for the App Store. 27 Among the guidelines are several suggestions that do, on their face, appear to encourage the 28 practices Plaintiffs complain of in this case. For example, Apple tells developers, “don’t force 21 people to give you information you can easily find for yourself, such as their contacts or calendar 2 information,” and “[i]f possible, avoid requiring users to indicate their agreement to your [end user 3 license agreement] when they first start your application. Without an agreement displayed, users 4 can enjoy your application without delay.” CAC ¶ 212 (emphasis omitted). Based on these 5 passages from the guidelines, Plaintiffs allege: “Apple taught Program registrants’ to incorporate 6 forbidden data harvesting functionalities — even for private “contacts” — into their Apps and 7 encouraged Program registrants to design those functions to operate in non-discernible manners 8 that would not be noticed by the iDevice owner. These App Defendants, apparently in accord with 9 Apple’s instructions, did just that with their identified Apps.” CAC ¶ 214. Similarly, Plaintiffs 10 allege: “Apple’s Program tutorials and developer sites [] teach Program registrants how to code 11 United States District Court Northern District of California 1 and build apps that non-consensually access, manipulate, alter, use and upload the mobile address 12 books maintained on Apple iDevices.” CAC ¶ 190. These allegations target conduct that goes beyond the traditional editorial functions of a 13 14 publisher, and beyond providing “neutral tools to carry out what may be unlawful or illicit” 15 conduct.12 Apple’s alleged conduct potentially constitutes contribution to the alleged illegality in 16 It is worth noting that not all of Plaintiffs’ allegations concerning Apple’s conduct fall outside the CDA. For example, Plaintiffs’ assertion that Apple “provides third-party developers with review guidelines, and conducts a review of all applications submitted for inclusion in the App Store for compliance with these documents,” CAC ¶ 89, is identical to an allegation regarding the app distributor in Evans, which that court found insufficient to support the plaintiff’s claim that the distributor was also a co-creator. See Evans, 2013 WL 5594717, at *4 (“plaintiffs allege that defendants ‘[m]andated specific “Application Content Criteria” for all content of the App,’ ‘[m]andated “App Naming Guidelines” for the App,’ and ‘[m]andated technical criteria for the App’”). 12 17 18 19 20 21 22 23 24 25 26 27 28 Apple’s role as an app publisher, including its promulgation of review guidelines, its review of all apps submitted to the App Store, and its enforcement of its guidelines, is fundamental “publisher” activity protected by the CDA. Plaintiffs’ allegations that Apple has failed to remove offending apps from the App Store, CAC ¶ 90, and that it encourages consumers to download third-party apps and advertises third-party apps in order to sell its devices are similarly subject to the CDA’s protections. Plaintiffs’ allegations concerning the software development kit also fall under the CDA, because the kit is alleged to be nothing more than a “neutral tool” which app developers can use either lawfully or unlawfully. Nothing in the CAC suggests that the kit itself contributes to the practice of taking contact databases without consent. The kit, technologically speaking, makes that 22 1 a manner that invokes the “information content provider” exception to the CDA’s protections. See 2 Roommates.Com, 521 F.3d at 1167–68. At this juncture, the Court therefore cannot conclude that 3 Plaintiffs’ theories of liability deriving from Apple’s encouragement of the harvesting of contact 4 information without obtaining consent from the user are not barred by the CDA. See, e.g., Swift 5 v. Zynga Game Network, Inc., No. 09-cv-05443-SBA, 2010 WL 4569889, at *4–6 (N.D. Cal. 6 Nov. 3, 2010) (allegation that video game developer encouraged the creation of and consumption 7 of special offer “scams” were sufficient at pleading stage). 8 C. 9 Apple groups as “misrepresentation claims” Plaintiffs’ UCL, FAL, CLRA, and negligent Misrepresentation Claims misrepresentation claims. Apple argues that each claim fails as a matter of law because, according 11 United States District Court Northern District of California 10 to Apple, “not once in the 166-page pleading does a single Plaintiff identify any specific 12 misrepresentation that he or she actually saw and relied upon in purchasing an Apple device.” 13 ECF No. 395 at 23. Plaintiffs’ misrepresentation claims are subject to Rule 9(b)’s requirement that fraud 14 15 claims be pleaded with particularity.13 Plaintiffs’ allegations must therefore include “an account 16 of the time, place, and specific content of the false representations as well as the identities of the 17 parties to the misrepresentations.” Swartz v. KPMG LLP, 476 F.3d 756, 765 (9th Cir. 2007). The 18 purpose of this requirement is to provide the defendant with adequate notice of the claims against 19 it; plaintiffs must allege “‘what is false or misleading about a statement, and why it is false.’” 20 Vess v. Ciba-Geigy Corp. USA, 317 F.3d 1097, 1106 (9th Cir. 2003) (quoting In re GlenFed, Inc. 21 Sec. Litig., 42 F.3d 1541, 1548 (9th Cir. 1994)). 22 Plaintiffs must also adequately plead injury and causation. To have standing under the 23 UCL, a plaintiff must have suffered an injury in fact and “lost money or property as a result of 24 25 26 practice possible, but it also allows for developers to ask for permission first, rendering the tool “neutral” in nature. 27 13 28 Rule 9(b) does not apply to Plaintiffs’ UCL claims for “unlawful” business practices to the extent these claims are grounded on something other than fraud. 23 1 such unfair competition.” Hall v. Time Inc., 158 Cal. App. 4th 847, 849 (2008). The standing 2 requirement is substantially similar in this context for Plaintiff’s CLRA and FAL claims.14 See 3 Kwikset Corp. v. Super. Ct., 51 Cal. 4th 310, 322 (2011) (a plaintiff must “establish a loss or 4 deprivation of money or property sufficient to qualify as injury-in-fact” under the UCL and FAL); 5 Meyer v. Sprint Spectrum L.P., 45 Cal. 4th 634, 646 (2009) (“[I]n order to bring a CLRA action, 6 not only must a consumer be exposed to an unlawful practice, but some kind of damage must 7 result.”). And for negligent misrepresentation claims, a plaintiff must establish detrimental 8 reliance. For all of Plaintiffs’ misrepresentation claims, the parties agree that “[w]ithout such 9 reliance, there is no recovery.” Bily v. Arthur Young & Co., 3 Cal. 4th 370, 413 (1992). Nevertheless, “[w]hile a plaintiff must show that the misrepresentation was an immediate 11 United States District Court Northern District of California 10 cause of the injury-producing conduct, the plaintiff need not demonstrate it was the only cause.” 12 In re Tobacco II Cases, 46 Cal. 4th 298, 326 (2009). “Moreover, a presumption, or at least an 13 inference, of reliance arises wherever there is a showing that a misrepresentation was material.” 14 Engalla v. Permanente Med. Grp., Inc., 15 Cal. 4th 951, 977 (1997). A misrepresentation is 15 material if a reasonable person “would attach importance to its existence or nonexistence in 16 determining his choice of action in the transaction in question”; materiality is therefore ordinarily 17 a question of fact unless the “fact misrepresented is so obviously unimportant that the jury could 18 not reasonably find that a reasonable man would have been influenced by it.” Id. (quotations and 19 citations omitted). 20 1. Specific Representations 21 In many consumer fraud cases, courts require a plaintiff to identify and describe the 22 specific alleged misrepresentations that each plaintiff saw or heard, and upon which each plaintiff 23 relied. Indeed, in granting Apple’s first motion to dismiss Plaintiff Pirozzi’s complaint, Judge 24 Gonzalez Rogers held that Pirozzi’s failure to “provide the particulars of her own experience 25 26 27 28 14 Whether a party has Article III standing to bring a cause of action in federal court is a different analysis than whether the plaintiff has adequately established statutory standing under California's UCL, CLRA, or FAL. Two Jinn, Inc. v. Gov't Payment Serv., Inc., No. 09-CV-2701-JLS, 2010 WL 1329077, at *3 (S.D. Cal. Apr. 1, 2010). 24 1 reviewing or relying upon any” of the misrepresentations identified in her complaint was fatal to 2 her claims. Pirozzi I, 913 F. Supp. 2d at 850. This Court denied Apple’s second motion to 3 dismiss based on Pirozzi’s identification of the specific representations she saw and relied upon, 4 which representations are also alleged here. Pirozzi II, 2013 WL 4029067, at *6–7. Apple now 5 argues that the Court’s prior order was based on a misreading of Pirozzi’s allegations and renews 6 its motion to dismiss. 7 Having again examined Pirozzi’s allegations, the Court now concludes that its prior 8 decision regarding reliance was in error. In her Second Amended Complaint, Pirozzi alleged that 9 Apple’s website contained the same representations discussed here, including the representation that “[a]ll apps run in a safe environment, so a website or app can’t access data from other apps.”15 11 United States District Court Northern District of California 10 Pirozzi II, 2013 WL 4029067, at *7. In its Order, the Court stated: “Plaintiff also alleges that she 12 relied on that statement in making her purchasing decision.” Id. In actuality, however, Pirozzi did 13 not allege that she relied on the statement; rather, she alleged only that she “visited Apple’s 14 website,” not that she read the particular representations she alleged were misleading. Pirozzi v. 15 Apple Inc., No. 12-cv-1529-JST, ECF No. 29 ¶ 10 (filed Jan. 22, 2013). Therefore, Pirozzi’s 16 allegations of reliance were inadequate. 17 The CAC suffers from the same defect. It repeats the identical allegations made in 18 Pirozzi’s Second Amended Complaint, and repeats the allegation that Pirozzi “viewed the Apple 19 website.” CAC ¶¶ 121–25. In the next paragraph, the CAC further alleges: “Likewise, each of the 20 other Plaintiffs visited Apple’s website . . . .” What the CAC fails to do is connect any specific 21 Plaintiff to any specific representation. The Court now concludes, even reading the complaint in 22 the light most favorable to Plaintiffs, that Plaintiffs have failed to allege that any one of them saw 23 any particular representation. 24 25 26 27 28 The Court rejects Apple’s argument that this statement is not actionable because it is literally true. The CAC alleges that, although it comes pre-loaded on iDevices, the Contacts app is an app like any other. 15 25 2. 1 Pleading a Long-Term and Extensive Advertising Campaign Recognizing that the few specific representations relied upon by this Court in denying 2 Apple’s second motion to dismiss Pirozzi’s complaint form a narrow basis upon which to base this 3 action, Plaintiffs now largely rest their misrepresentation claims on a different basis: that Apple 4 allegedly engaged in a long-standing, widespread advertising campaign that created a reputation 5 for safety and reliability. In re Tobacco II, 46 Cal. 4th at 328 (“where, as here, a plaintiff alleges 6 exposure to a long-term advertising campaign, the plaintiff is not required to plead with an 7 unrealistic degree of specificity that the plaintiff relied on particular advertisements or 8 statements”). 9 The named plaintiffs in In re Tobacco II alleged that the tobacco industry defendants 10 conducted “a decades-long campaign of deceptive advertising and misleading statements about the 11 United States District Court Northern District of California addictive nature of nicotine and the relationship between tobacco use and disease.” Id. at 306. In 12 concluding that the plaintiffs did not need to identify the specific statements upon which they 13 relied, the California Supreme Court relied in part on a similar decision in Whiteley v. Philip 14 Morris Inc., 117 Cal. App. 4th 635, 680–82 (2004). 15 In Whiteley, the California Court of Appeal affirmed a jury verdict in favor of the plaintiff, 16 the husband of a woman who was a smoker and died of lung cancer. The tobacco industry 17 defendants argued on appeal that the plaintiff had failed to present sufficient evidence of reliance 18 to support the verdict. In particular, the defendants argued, as Apple does here, “that the evidence 19 did not show that Whiteley heard any specific misrepresentation or false promise made by either 20 defendant.” They further argued: “‘it is not enough that the plaintiff heard the alleged 21 misrepresentation at some unidentified time from some unidentified source. Instead, the plaintiff 22 must identify a specific misrepresentation that was actually communicated to the plaintiff (directly 23 or indirectly).’” Id. at 680. The Whiteley court expressly rejected that argument and held that the 24 plaintiff “did not have to prove that she saw or heard any specific misrepresentations of fact or 25 false promises that defendants made or that she heard them directly from defendants or their 26 agents. It was sufficient that the statements were issued to the public with the intent that they 27 reach smokers and potential smokers and that Whiteley, as a member of the intended target 28 26 1 2 population, heard them.” Id. at 680–81. Relying on section 533 of the Restatement Second of Torts, the court held that the trial 3 court had correctly instructed the jury on this question as follows: “One who makes a 4 misrepresentation or false promise or conceals a material fact is subject to liability if he or she 5 intends that the misrepresentation or false promise or concealment of a material fact will be passed 6 on to another person and influence such person's conduct in the transaction involved . . . . One 7 who makes a misrepresentation or false promise or conceals a material fact with the intent to 8 defraud the public or a particular class of persons is deemed to have intended to defraud every 9 individual in that category who is actually misled thereby.” Id. at 681. The Whiteley court 10 affirmed the jury’s verdict in favor of the plaintiff because the tobacco defendants’ statements United States District Court Northern District of California 11 were intended to reassure smokers and potential smokers about the health hazards of smoking and to convey that safety message. That was exactly the message Whiteley received. Defendants' and their agents' multifarious misrepresentations regarding the unsettled state of knowledge and the unreliability of any link between cigarette smoking and serious disease were made with the intention and expectation that these misrepresentations would circulate among and influence the conduct of all smokers and prospective smokers. They were heard by or passeasd on to Whitel[e]y, who believed them. 12 13 14 15 16 17 18 19 20 21 22 23 Id. at 681–82. While several courts have considered whether to apply Tobacco II so as to relieve an individual plaintiff of the need to plead that she viewed and relied on a specific misrepresentation, the cases in the aggregate do not define any bright line rules. A review of the jurisprudence, however, has led the Court to identify the following factors in determining whether to apply Tobacco II. First, to state the obvious, a plaintiff must allege that she actually saw or heard the 24 defendant’s advertising campaign. See, e.g., Pfizer Inc. v. Super. Ct., 182 Cal. App. 4th 622, 632 25 (2010) (“[A]lthough Pfizer ran four different television commercials with the ‘as effective as 26 27 28 floss’ campaign, the commercials did not run continuously and there is no evidence that a majority of Listerine consumers viewed any of those commercials.”); Herrington, 2010 WL 3448531, at *8 (“Plaintiffs have not plead that they viewed any of Defendants' advertising, let alone a ‘long-term 27 1 advertising campaign’ by Defendants”); Delacruz v. Cytosport, Inc., No. 11-cv-3532-CW, 2012 2 WL 2563857, at *9 (N.D. Cal. June 28, 2012) (“Cytosport II”) (“Plaintiff has not alleged reliance 3 in connection with the advertising campaign because she has not claimed that she saw and relied 4 on any of the advertising, apart from the product websites and television ads”). Second, the advertising campaign at issue should be sufficiently lengthy in duration, and 5 6 widespread in dissemination, that it would be unrealistic to require the plaintiff to plead each 7 misrepresentation she saw and relied upon. Compare Tobacco II, 46 Cal. 4th at 306 (plaintiffs 8 excused from pleading specific reliance where advertising campaign lasted for “decades”); Comm. 9 On Children's Television, Inc. v. Gen. Foods Corp., 35 Cal. 3d 197, 205–07 (1983) (superseded on other grounds) (advertising campaign was on television daily and lasted four years),16 with In re 11 United States District Court Northern District of California 10 iPhone 4S, 2013 WL 3829653, at *12 (“The campaign was only about six months old when the 12 CCAC was filed . . . . Plaintiffs have not alleged that the campaign here was comparable to that at 13 issue in Tobacco II.); Delacruz v. Cytosport, Inc., No. 11-cv-3532-CW, 2012 WL 1215243, at *8 14 (N.D. Cal. Apr. 11, 2012) (“Cytosport I”) (“Plaintiff has failed to allege that Defendant's 15 advertising campaign approached the longevity and pervasiveness of the marketing at issue in 16 Tobacco II”); Cytosport II, 2012 WL 2563857, at *9 (“The additional allegations regarding the 17 scope of the advertising campaign do not establish that the advertising campaign was as lengthy or 18 pervasive as the tobacco campaign”); In re Yasmin & Yaz (Drospirenone) Mktg., Sales Practices 19 & Products Liab. Litig., No. 09-md-02100-DRH, 2012 WL 865041, at *9 n.20 (S.D. Ill. Mar. 13, 20 2012) (in class certification context, distinguishing Tobacco II because advertising campaign 21 lasted only eighteen months and involved two advertisements and one corrective advertisement 22 that may have been viewed by class members). How long and how extensive the advertising 23 campaign must be is a fact-intensive inquiry; some campaigns will be too short, such as the six- 24 25 26 27 28 Children’s Television was decided before Tobacco II, but is included here because it employs a similar analysis. The court there found that in light of defendants’ “large scale program of deceptive advertising in which the specific advertisements change constantly,” it would be impractical to require plaintiffs to plead the specifics of each advertisement. Children's Television, 35 Cal. 3d at 214. 16 28 1 month campaign in iPhone 4S, and others will be insufficiently extensive, such as the two 2 advertisements in In re Yasmin & Yaz, published over the course of eighteen months. 3 Third, a plaintiff seeking to take advantage of the exception should describe in the 4 complaint, and preferably attach to it, a “representative sample” of the advertisements at issue in 5 order adequately to notify the defendant of the precise nature of the misrepresentation claim — 6 that is, what, in particular, the defendant is alleged to have said, and how it was misleading. For 7 example, in Children's Television, 35 Cal. 3d at 205–07, the court held that a trial court “could 8 reasonably require plaintiffs to set out or attach a representative selection of advertisements, to 9 state the misrepresentations made by those advertisements, and to indicate the language or images upon which any implied misrepresentations are based.” Id. at 218. In the California Supreme 11 United States District Court Northern District of California 10 Court’s view, that requirement “represents a reasonable accommodation between defendants' right 12 to a pleading sufficiently specific ‘that the court can ascertain for itself if the representations . . . 13 were in fact material, and of an actionable nature,’ and the importance of avoiding pleading 14 requirements so burdensome as to preclude relief in cases involving multiple misrepresentations.” 15 Id. (citation omitted). Fourth, the degree to which the alleged misrepresentations contained within the advertising 16 17 campaign are similar to each other, or even identical, is also an important factor.17 For example, 18 in Ticketmaster L.L.C. v. RMG Technologies, No. 07-cv-2534-ABC, 2007 WL 2989504, at *3 19 (C.D. Cal. Oct. 12, 2007), Ticketmaster alleged that the defendant had marketed and sold an 20 application that enabled customers to violate the Terms of Use and circumvent the security 21 measures on Ticketmaster’s website by purchasing large quantities of tickets. Because the 22 complaint adequately alleged that the defendant aided and abetted its customers’ “same false 23 promise” thousands of times, the court held it was not necessary for the plaintiff to identify “each 24 instance of this alleged fraud, or each and every individual involved.” Instead, it was sufficient to 25 identify “to the extent possible the persons involved . . . and set out a time frame for the repeated 26 misrepresentations.” Id. Although Ticketmaster did not arise in the advertising context, it 27 This does not mean that the representations must be identical. In both Children’s Television and Tobacco II, the advertisements at issue were “similar by category.” 29 17 28 1 nevertheless provides helpful guidance for the Court in determining the circumstances that may 2 allow a plaintiff to exercise the advertising campaign exception recognized in In re Tobacco II. 3 Indeed, the decision in In re Tobacco II, itself, yields the rule that if a plaintiff alleges a long-term 4 advertising campaign, the advertisements at issue should be similar enough to be considered as 5 part of one campaign, or the delivery of a single message or set of messages, rather than a 6 disparate set of advertising content published in the ordinary course of commerce. 7 Fifth, in the absence of specific misrepresentations, a complaint subject to Rule 9(b)’s 8 requirements should plead with particularity, and separately, when and how each named plaintiff 9 was exposed to the advertising campaign. It is not sufficient to plead as a group, nor is it sufficient simply to allege general exposure without more detail. The facts in In re Tobacco II 11 United States District Court Northern District of California 10 contained such detail. So too in Morgan v. AT&T Wireless Servs., Inc., 177 Cal. App. 4th 1235, 12 1257–58 (2009), where the plaintiffs alleged that when considering purchasing T68i mobile 13 phones from AT&T Wireless, “they each conducted research in which they encountered AT&T 14 advertisements and press releases explaining the advanced features of the T68i and the 15 improvements AT&T was making and was going to make to its GMS/GPRS network.” They also 16 alleged they were exposed to similar representations at the AT&T store when they purchased their 17 phones and service plans, “and that they relied upon their research (including information from the 18 AT&T advertisements and press releases, and the in-store representations) in deciding to purchase 19 the T68i from AT&T.” Id. Within a “relatively short period of time” after purchasing their 20 phones, and despite AT&T’s marketing concerning the upgrades to its network, AT&T performed 21 upgrades on the network that it knew would render the T68i phones “essentially useless.” 22 AT&T moved to dismiss because the plaintiffs had failed to identify specific 23 misrepresentations. The court held that the allegations supported the plaintiffs’ various 24 misrepresentation claims, including the UCL, CLRA, FAL, and common law fraud, because the 25 plaintiffs 26 27 28 were not required, as AT&T asserts, to plead the specific advertisements or representations they relied upon in making their decisions to purchase the T68i . . . . Although the advertising campaign alleged in this case was not as long-term a campaign as the tobacco companies' campaign discussed in Tobacco II, it is 30 alleged to have taken place over many months, in several different media, in which AT&T consistently promoted its GMS/GPRS network as reliable, improving, and expanding. 1 2 3 4 5 6 7 8 9 10 United States District Court Northern District of California 11 12 13 14 15 Id. In the context of the common law fraud claim, the court again observed: “where a fraud claim is based upon numerous misrepresentations, such as an advertising campaign that is alleged to be misleading, plaintiffs need not allege the specific advertisements the individual plaintiffs relied upon; it is sufficient for the plaintiff to provide a representative selection of the advertisements or other statements to indicate the language upon which the implied misrepresentations are based.” Id. at 1262. The detail the Court requires here ensures that the advertisements at issue are representations that consumers were likely to have viewed, as opposed to representations that were isolated or more narrowly disseminated, such as statements buried on a rarely-viewed webpage, or made on an investor phone conference. Certainly, such representations could be part of an advertising campaign, but the complaint should describe the mechanism of dissemination for all identified representations. Sixth, the court must be able to determine when a plaintiff made her purchase or otherwise 16 relied in relation to a defendant’s advertising campaign, so as to determine which portion of that 17 campaign is relevant. Representations made prior to purchase are relevant to a plaintiff’s claim; 18 19 20 21 22 23 24 25 26 27 ones made after are not. Consequently, a plaintiff should describe, to the best of her ability, (1) when the product was purchased, (2) the timeframe of the advertisements at issue, and (3) when the plaintiff was exposed to the advertisements. These factors are merely one court’s attempt to harmonize the developing jurisprudence of false advertising claims. Future decisions from the California state and federal courts may reveal additional factors, or demonstrate that some of those just listed are not helpful. Nevertheless, these are the factors the Court has been able to identify. Applying them here, the Court finds that Plaintiffs have not adequately alleged a long-term advertising campaign of the kind that would excuse them from pleading specific reliance. Although Plaintiffs allege a long-term advertising campaign, they fail to do so with the level of 28 31 1 2 3 4 detail that has led other courts to allow such claims to proceed. First, as set forth above, it is not clear that any of the plaintiffs were actually exposed to Apple’s advertising campaign. Second, although the CAC alleges with sufficient specificity the length of the advertising 5 campaign at issue — it alleges that the campaign began at least by 2008 and continued up through 6 the filing of the CAC — it does not contain sufficient detail concerning the extent of the 7 advertising. It is unclear from the CAC how often the advertisements were published, or in which 8 media. Without more detail, the Court cannot conclude that it would be “unrealistic” to require 9 Plaintiffs to plead with specificity their exposure to each alleged misrepresentation. Third, and relatedly, Plaintiffs have not attached or described a “representative sample” of 11 United States District Court Northern District of California 10 the advertisements at issue. Instead of cursory allegations that Apple “repeatedly represented that 12 Apple’s products are safe and secure, and that private information could not be accessed by third- 13 party apps without the user’s express consent,” CAC ¶ 64, Plaintiffs should describe in detail, or 14 attach, advertisements that they contend are typical of the advertising campaign at issue. The 15 Court is mindful that Plaintiffs have identified some specific representations contained on Apple’s 16 website, or made by Apple’s employees, including its former and current CEOs. But it is not 17 enough. After reading the complaint asserted against it, a defendant should be able to understand 18 which advertising is alleged to be misleading, and how it is misleading, so that it may prepare a 19 defense and identify in discovery the remainder of the advertising at issue — and just as 20 importantly, that advertising which is not at issue. It is only through this process that the parties 21 will be able to cabin, and then narrow, the scope of the litigation in succeeding stages. Because 22 Plaintiffs have failed to allege in sufficient detail the nature of the advertisements, the Court finds 23 that the CAC does not adequately notify Apple of the precise nature of the misrepresentation 24 claims asserted against it. 25 Fourth, because there is insufficient detail with respect to the advertising at issue, the Court 26 cannot conclude that the alleged misrepresentations are sufficiently similar to each other to 27 constitute a single campaign, message, or set of messages susceptible to uniform treatment. 28 Fifth, Plaintiffs do not separately allege in any detail how they were exposed to Apple’s 32 1 advertising campaign. It is not enough merely to allege that Plaintiffs “viewed Apple’s website, 2 saw in-store advertisements, and/or [were] aware of Apple’s representations regarding the safety 3 and security of the iDevices prior to purchasing their own iDevices.” CAC ¶ 126. 4 Finally, without engaging Apple’s attempts to develop a factual record at the pleading 5 stage, the Court is mindful of the fact that Plaintiffs have not alleged when they purchased their 6 devices, other than to allege they were all purchased prior to February 2012. Consequently, even 7 if Plaintiffs adequately address the other deficiencies in the CAC, it would still be difficult for the 8 Court to conclude that Plaintiffs were exposed to the advertising at issue prior to purchasing their 9 iDevices without more detailed allegations concerning the chronology of events for each Plaintiff 10 United States District Court Northern District of California 11 12 in this case. 3. Failure to Disclose Plaintiffs argue in the alternative that their misrepresentation claims are viable because 13 Apple had an affirmative duty to disclose material facts of which it had exclusive knowledge, i.e., 14 the vulnerability of Plaintiffs’ iDevices to the theft of their address books by third party apps, 15 rendering it unnecessary for Plaintiffs to identify any misrepresentations. 16 “As the Ninth Circuit has recently cautioned, in the context of product defect claims, 17 ‘California courts have generally rejected a broad duty to disclose.’” Donohue v. Apple, Inc., 871 18 F. Supp. 2d 913, 925 (N.D. Cal. 2012) (citing Wilson v. Hewlett-Packard Co., 3d 1136, 1141 (9th 19 Cir. 2012). Nondisclosure or concealment constitutes actionable fraud in only four circumstances: 20 “(1) when the defendant is in a fiduciary relationship with the plaintiff; (2) when the defendant had 21 exclusive knowledge of material facts not known to the plaintiff; (3) when the defendant actively 22 conceals a material fact from the plaintiff; and (4) when the defendant makes partial 23 representations but also suppresses some material facts.” LiMandri v. Judkins, 52 Cal. App. 4th 24 326, 336 (1997). 25 Plaintiffs argue that their non-disclosure claims fit into each of the last three categories. 26 Because the Court has already determined above that Plaintiffs do not adequately identify Apple’s 27 alleged misrepresentations, only the second and third categories are at issue. 28 But Plaintiffs’ failure to disclose claims have a separate problem: “‘[a] manufacturer's 33 1 duty to consumers is limited to its warranty obligations absent either an affirmative 2 misrepresentation or a safety issue.’” Donohue, 871 F. Supp. 2d at 925(quoting Oestreicher v. 3 Alienware Corp., 322 F. App'x 489, 493 (9th Cir. 2009)).18 Here, Plaintiffs fail to allege when 4 they purchased their iDevices, when the alleged defects arose, what kind of warranty Apple 5 provided, the terms of the warranty, and the warranty's duration. Consequently, the Court is 6 unable to conclude whether the alleged defect manifested within the warranty period, and 7 therefore cannot sustain Plaintiffs’ claims. Because Plaintiffs have failed to plead with particularity the specific representations upon 8 9 which they relied, have failed adequately to plead a long-term and extensive advertising campaign, and have failed to satisfy the requirements for a pure nondisclosure or concealment claim, the 11 United States District Court Northern District of California 10 Court will grant Apple’s motion to dismiss Plaintiffs’ UCL, FAL, CLRA, and negligent 12 misrepresentation claims, with leave to amend. 13 D. 14 The California Comprehensive Computer Data Access and Fraud Act (“CDAFA”), Cal. California Comprehensive Computer Data Access and Fraud Act 15 Penal Code § 502, “expand[s] the degree of protection afforded to individuals, businesses, and 16 governmental agencies from tampering, interference, damage, and unauthorized access to lawfully 17 created computer data and computer systems.” Id. § 502(a). Every Plaintiff except Pirozzi asserts 18 a claim against Apple for violation of the CDAFA. The CDAFA imposes liability, inter alia, on 19 any person who (1) Knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network in order to either (A) devise or execute any scheme or artifice to defraud, deceive, or extort, or (B) wrongfully control or obtain money, property, or data. 20 21 22 23 (2) Knowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external to a computer, computer system, or computer network . . . . 24 25 26 27 28 18 Once the warranty expires, a manufacturer does not have an affirmative duty to disclose a latent defect unless it poses an “unreasonable safety hazard.” See Donohue, 871 F. Supp. 2d at 926; Wilson, 668 F.3d at 1141–43. 34 1 2 (6) Knowingly and without permission provides or assists in providing a means of accessing a computer, computer system, or computer network in violation of this section. 3 4 5 6 7 8 9 10 United States District Court Northern District of California 11 (7) Knowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network. (8) Knowingly introduces any computer contaminant into any computer, computer system, or computer network. Id. § 502(c)(1),(2),(6)–(8). The CDAFA authorizes the owner of the computer “who suffers damage or loss by reason of a violation of any of the provisions of subdivision (c) [to] bring a civil action against the violator for compensatory damages and injunctive relief or other equitable relief.” Id. § 502(e)(1). Apple moves to dismiss on several grounds. As an initial matter, the Court notes that, to 12 the extent Plaintiffs’ theories of liability under the CDAFA derive from Apple’s “reviewing, 13 editing, and deciding whether to” make available to its users the offending apps, those claims are 14 15 16 17 barred by the Communications Decency Act, as discussed above. To the extent Plaintiffs assert a CDAFA claim based on Apple’s encouragement of the development of the offending features of the subject apps, those allegations are insufficiently pleaded. Each subsection of the statute Plaintiffs assert incorporates expressly or by reference a 18 requirement that the defendant acted “without permission.” See Cal. Pen. Code § 502(b)(10) 19 (defining “computer contaminant”). Courts in this district have interpreted “without permission” 20 to mean “in a manner that circumvents technical or code based barriers in place to restrict or bar a 21 user's access.” Facebook, Inc. v. Power Ventures, Inc., 844 F. Supp. 2d 1025, 1036 (N.D. Cal. 22 23 24 2012). See also In re Google Android Consumer Privacy Litig., No. 11-mc-02264-JSW, 2013 WL 1283236, at *12 (N.D. Cal. Mar. 26, 2013); In re iPhone Application Litig. (“iPhone I”), No. 11md-02250-LHK, 2011 WL 4403963, at *12–13 (N.D. Cal. Sept. 20, 2011). 25 Plaintiffs argue that their CDAFA claim is viable because they “did not know that the apps 26 contained the malicious code at issue here.” ECF No. 421 at 42. Other courts in this district have 27 already persuasively rejected this argument. See iPhone I, 2011 WL 4403963, at *12 (“On 28 Plaintiffs' own allegations, the iOS and third party apps — which contain the alleged ‘surreptitious 35 1 code’ — were all installed or updated voluntarily by Plaintiffs.”); In re Google Android Consumer 2 Privacy Litig., 2013 WL 1283236, at *12 (“Plaintiffs, however, have not included any facts that 3 show — or lead to a reasonable inference — that the tracking codes have been designed in such a 4 way to render ineffective any barriers the Plaintiffs might wish to use to prevent access to their 5 PII.”). Plaintiffs’ allegations are materially indistinguishable from the allegations in iPhone I and 6 7 In re Google Android Consumer Privacy. Although Plaintiffs allege they did not grant permission 8 to the apps to copy their address books, there is no suggestion that the apps overcame “technical or 9 code based barriers in place to restrict or bar a user's access.” According to the CAC, the apps in 10 question had open access to Plaintiffs' address books.19 United States District Court Northern District of California 11 Plaintiffs’ CDAFA claims against Apple will be dismissed. 12 E. 13 The Opperman Plaintiffs assert design defect and failure to warn strict products liability 14 claims against Apple. “‘A manufacturer is strictly liable in tort when an article he places on the 15 market, knowing that it is to be used without inspection for defects, proves to have a defect that 16 causes injury to a human being.’” Anderson v. Owens-Corning Fiberglas Corp., 53 Cal. 3d 987, 17 994 (1991) (quoting Greenman v. Yuba Power Products, Inc., 59 Cal. 2d 57, 62 (1963)). Strict Products Liability: Design Defect and Failure to Warn 18 Importantly, “recovery under the doctrine of strict liability is limited solely to ‘physical 19 harm to person or property.’” Jimenez v. Superior Court, 29 Cal. 4th 473, 482 (2002) (quoting 20 Seely v. White Motor Co., 63 Cal. 2d 9, 18 (1965)). “Damages available under strict products 21 liability do not include economic loss, which includes damages for inadequate value, costs of 22 repair and replacement of the defective product or consequent loss of profits — without any claim 23 24 25 26 27 28 19 The Court recognizes there is a split of authority in this district concerning the appropriate scope of the “without permission” language in the CDAFA. Weingand v. Harland Fin. Solutions, Inc., No. 11-cv-3109-EMC, 2012 WL 2327660, at *5 (N.D. Cal. June 19, 2012). Even Weingand, however, still requires that Defendants have circumvented “restrictions on access” of some kind. The CAC does not allege that the subject apps circumvented any restrictions at all. Instead, it alleges that Apple failed to implement any such restriction, thereby enabling the App Defendants to copy Plaintiffs’ address books. Under either approach to the CDAFA, Plaintiffs fail to state a viable claim. 36 1 of personal injury or damages to other property” Id. (quotation marks and citations omitted). By 2 contrast, “[t]he law of contractual warranty governs damage to the product itself.” Id. at 483. Plaintiffs do not explain what injury they allege that satisfies the economic loss rule. The 3 4 CAC alleges only that “Plaintiffs suffered personal injuries as a result of the defective design, 5 including invasions of their privacy and damages to their properties (the mobile address books).” 6 CAC ¶ 694. Those injuries are not “physical harm to person or property” and cannot support a 7 products liability claim. For this reason, the Court will dismiss Plaintiffs’ strict products liability 8 claim. 9 F. Negligence Plaintiffs' negligence claims are barred by the economic loss rule discussed in the 11 United States District Court Northern District of California 10 immediately previous section. "Purely economic damages to a plaintiff which stem from 12 disappointed expectations from a commercial transaction must be addressed through contract law; 13 negligence is not a viable cause of action for such claims." iPhone II, 844 F. Supp. 2d at 1064. 14 The Court will dismiss Plaintiffs’ negligence claim against all Defendants. 15 G. 16 Plaintiffs state that they “elect not to prosecute [the RICO] claim at this time and have no RICO 17 objection to its dismissal without prejudice as to” Apple. ECF No. 421 at 50. The Court construes 18 Plaintiffs’ statement as a Rule 41(a)(1)(A)(i) notice of voluntary dismissal, which is self- 19 executing. 20 H. 21 In response to Apple’s argument that aiding and abetting is not a stand-alone cause of Aiding and Abetting 22 action in California, Plaintiffs respond: “The fact that Plaintiffs’ aiding and abetting allegations are 23 set out in a separate claim merely provides clarity to the complaint by specifying that Plaintiffs 24 contend that Apple is liable not just for its own actions but for those of the App Defendants.” ECF 25 No. 421 at 49. Far from providing clarity, the separate aiding and abetting count casts in doubt 26 which claims that, facially, are asserted only against the App Defendants are also meant to apply 27 to Apple as well. The Court cannot discern from the CAC what additional liability, other than the 28 claims Plaintiffs explicitly assert against Apple, Plaintiffs attempt to impose on Apple by virtue of 37 1 the aiding and abetting count. For this reason, the Court will dismiss the claim. Plaintiffs are 2 advised that each claim in the complaint should clearly set forth against which Defendants it is 3 meant to be asserted. 4 IV. Like Apple, the App Defendants move to dismiss all of Plaintiffs’ claims against them on 5 6 APP DEFENDANTS’ MOTIONS TO DISMISS Article III standing grounds, as well as pursuant to Rule 12(b)(6).20 7 A. 8 The Article III standing analysis as applied to Plaintiffs’ claims against the App Article III Standing Defendants differs from the analysis regarding Plaintiffs’ claims against Apple. In particular, the 10 App Defendants argue that Plaintiffs have failed to identify an injury-in-fact sufficient to establish 11 United States District Court Northern District of California 9 standing. In evaluating Path’s motion to dismiss the Hernandez complaint prior to the relation of that 12 13 action to the above-captioned action, Judge Gonzalez Rogers evaluated the alleged injury of 14 “diminished mobile device resources, such as storage, battery life, and bandwidth."21 Hernandez 15 v. Path, Inc., No. 12-cv-01515-YGR, 2012 WL 5194120, at *1–2 (N.D. Cal. Oct. 19, 2012). She 16 found that the diminished mobile device resources injury was de minimis. Id. The allegations in 17 the CAC provide no further detail concerning this alleged injury, but instead recast it similar 18 terms. See, e.g., CAC ¶ 147 (“For instance, the unauthorized transmissions and operations used 19 iDevice resources, battery life, energy and cellular time at a cost to Plaintiffs and caused loss of 20 use and enjoyment of some portion of each iDevice’s useful life.”). There is no indication, for 21 example, that battery resources were depleted as in iPhone II. Because Plaintiffs have not 22 quantified or otherwise articulated the alleged resource usage, they fail to allege an injury that can 23 serve as the basis of standing. See, e.g., In re Google, Inc. Privacy Policy Litig., No. 12-cv-01382- 24 20 25 26 The App Defendants also repeat some of the arguments Apple makes, for example that those Plaintiffs who are not from California cannot sue under California law. See ECF No. 393 at 7. Where the Court has already addressed an identical argument in the section on Apple's motion to dismiss, it does not do so again here. 27 21 28 Judge Gonzalez Rogers also evaluated two other types of alleged injury that Plaintiffs no longer allege and that are not germane to this Order. 38 1 PSG, 2013 WL 6248499 (N.D. Cal. Dec. 3, 2013) (distinguishing Hernandez because resource 2 usage was significant and “systemic rather than episodic”). 3 In addition, however, Plaintiffs present four new theories of injury-in-fact not present in 4 Hernandez. First, Plaintiffs argue that their claim for injunctive relief is sufficient to confer 5 standing. “To have standing to assert a claim for prospective injunctive relief, a plaintiff must 6 demonstrate ‘that he is realistically threatened by a repetition of [the violation].’” Melendres v. 7 Arpaio, 695 F.3d 990, 997 (9th Cir. 2012) (quoting City of Los Angeles v. Lyons, 461 U.S. 95, 8 109 (1983)). Here, Plaintiffs allege that the App Defendants all discontinued their practices when 9 the practice of transmitting user address books was made public. Moreover, Plaintiffs allege that Apple has instituted additional privacy controls that enable users to control which apps have 11 United States District Court Northern District of California 10 access to their address books. Because there is no realistic threat of repetition, Plaintiffs cannot 12 establish standing through their prayer for injunctive relief. 13 Second, Plaintiffs argue that the App Defendants interfered with their property rights in 14 their address books, conferring standing on Plaintiffs to sue. “[D]istrict courts have been reluctant 15 to find standing based solely on a theory that the value of a plaintiff's [personal information] has 16 been diminished.” Yunker v. Pandora Media, Inc., No. 11-cv-03113-JSW, 2013 WL 1282980 17 (N.D. Cal. Mar. 26, 2013). “[I]njury-in-fact in this context requires more than an allegation that a 18 defendant profited from a plaintiff's personal identification information. Rather, a plaintiff must 19 allege how the defendant's use of the information deprived the plaintiff of the information's 20 economic value. Put another way, a plaintiff must do more than point to the dollars in a 21 defendant's pocket; he must sufficiently allege that in the process he lost dollars of his own.” In re 22 Google, Inc. Privacy Policy Litig., 2013 WL 6248499, at *5. See also In re Google Android 23 Consumer Privacy Litig., 2013 WL 1283236, at *4 (“Similarly, although Plaintiffs allege that a 24 market exists that could provide them the opportunity to sell their PII, none of the Plaintiffs 25 specifically tie those allegations to them. Plaintiffs also do not allege they attempted to sell their 26 personal information, that they would do so in the future, or that they were foreclosed from 27 entering into a value for value transaction relating to their PII, as a result of the Google 28 39 1 Defendants' conduct.”).22 Plaintiffs here have failed to allege any details concerning their argument that their address 2 3 books’ value was diminished by the App Defendants’ conduct. Instead, Plaintiffs argue that 4 address books are distinct from the “automatically-generated computer data sets” at issue in the 5 multitude of cases in which courts have found allegations similar to Plaintiffs insufficient. The 6 distinction is one without a difference. Whether automatically-generated or generated by the user, 7 Plaintiffs must “tie” their allegations that their personal information has value to the alleged injury 8 they suffered. Here, Plaintiffs have failed to do so. Consequently, Plaintiffs do not have Article 9 III standing based on injury to their property rights. However, Plaintiffs’ two remaining theories of injury are sufficient to confer standing. 10 United States District Court Northern District of California 11 First, as observed above, Plaintiffs are able to establish standing through their statutory claims, 12 because “[t]he injury required by Article III can exist solely by virtue of ‘statutes creating legal 13 rights, the invasion of which creates standing.’” Edwards v. First Am. Corp., 610 F.3d 514, 517 14 (9th Cir. 2010) (quoting Fulfillment Servs. Inc. v. United Parcel Serv., Inc., 528 F.3d 614, 618 15 (9th Cir. 2008)). See In re Google, Inc. Privacy Policy Litig., 2013 WL 6248499, at *8 16 (“Although Article III always requires an injury, the alleged violation of a statutory right that does 17 not otherwise require a showing of damages is an injury sufficient to establish Article III 18 standing.”). Second, Plaintiffs assert a common law claim for invasion of privacy. Regardless of the 19 20 merits of that claim, the Court finds Plaintiffs’ allegations sufficient on this point. The essence of 21 the standing inquiry is to determine whether the plaintiff has “alleged such a personal stake in the 22 outcome of the controversy as to assure that concrete adverseness which sharpens the presentation 23 of issues upon which the court so largely depends.” Baker v. Carr, 369 U.S. 186, 204 (1962). It is 24 22 25 26 27 28 The Court does not read these decisions to be holding that consumers do not have property rights in their electronically stored private information, but that the copying of such information without any meaningful economic injury to consumers is insufficient to establish standing on that basis. Cf. FMC Corp. v. Capital Cities/ABC, Inc., 915 F.2d 300, 303–04 (7th Cir. 1990) (applying California law; noting that “[i]n cases where the alleged converter has only a copy of the owner's property and the owner still possesses the property itself, the owner is in no way being deprived of the use of his property. The only rub is that someone else is using it as well.”). 40 1 beyond meaningful dispute that a plaintiff alleging invasion of privacy as Plaintiffs do here 2 presents a dispute the Court is permitted to adjudicate. See, e.g., Wright & Miller, 13A Fed. Prac. 3 & Proc. Juris. § 3531.4 (3d ed.); Ruiz v. Gap, Inc., 380 F. App'x 689, 691 (9th Cir. 2010) 4 (unpublished) (holding allegation that laptop theft put plaintiff at “greater risk of identity theft” 5 was sufficient injury, even where plaintiff had no UCL standing); Yunker, 2013 WL 1282980, at 6 *6 (finding Article III standing based on violation of constitutional privacy rights); Citizens for 7 Health v. Leavitt, 428 F.3d 167, 176 & n.9 (3d Cir. 2005), cert. den’d 127 S. Ct. 43 (2006) 8 (holding Plaintiffs had standing to challenge “Privacy Rule” that allowed medical providers to use 9 or disclose personal health information without patient consent because summary judgment evidence showed “at least one individual plaintiff's health information has been, or will 11 United States District Court Northern District of California 10 imminently be, disclosed without her consent by private health care providers and drugstore 12 chains”); Folgelstrom v. Lamps Plus, Inc., 195 Cal. App. 4th 986, 990 (2011) (discussing invasion 13 of privacy claims). The App Defendants do not respond to this theory of injury. The Court finds 14 it is sufficient to confer standing for those claims on which the injury bears — intrusion upon 15 seclusion and public disclosure of private facts. 16 17 For the foregoing reasons, the Court will dismiss Plaintiffs’ common law claims against the App Defendants, except their invasion of privacy claims, on standing grounds. 18 B. 19 The Court will also dismiss Plaintiffs’ UCL claims against the App Defendants, because, Plaintiffs' UCL Claims 20 in order to have standing to assert their UCL claims, Plaintiffs must show that they “lost money or 21 property,” and, as the Court concludes above, they have failed to make such a showing. See 22 Kwikset Corp. v. Super. Ct., 51 Cal. 4th 310, 325 (2011). 23 C. 24 The Opperman Plaintiffs assert the common law claim of intrusion upon seclusion against Invasion of Privacy: Intrusion Upon Seclusion 25 the App Defendants. In particular, Plaintiffs allege that “[b]y surreptitiously obtaining, improperly 26 gaining knowledge, reviewing and retaining Plaintiffs’ private mobile address books (or 27 substantial portions thereof), the App Defendants intentionally intruded on and into each 28 respective Plaintiff’s solitude, seclusion or private affairs.” CAC ¶ 630. Plaintiffs allege the 41 1 intrusion was “highly offensive to a reasonable person,” as evidenced by the “myriad newspaper 2 articles, blogs, op eds., and investigative exposes’ [that] were written complaining and objecting 3 vehemently to these defendants’ practices.” CAC ¶ 631. Plaintiffs also allege that 4 “[c]ongressional inquiries were opened to investigate these practices and some defendants even 5 publicly apologized. The surreptitious manner in which the App Defendants’ conducted these 6 intrusions confirms their outrageous nature.” Id. 7 The Second Restatement of Torts provides: “One who intentionally intrudes, physically or 8 otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to 9 liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person.” Rest. (2d) of Torts § 652B (1977). California courts recognize that “‘a 11 United States District Court Northern District of California 10 measure of personal isolation and personal control over the conditions of its abandonment is of the 12 very essence of personal freedom and dignity, is part of what our culture means by these 13 concepts.’” Shulman v. Grp. W Prods., Inc., 18 Cal. 4th 200, 231 (1998) (quoting Bloustein, 14 Privacy as an Aspect of Human Dignity: An Answer to Dean Prosser, 39 N.Y.U. L.Rev. 962, 973– 15 974 (1964) (footnote omitted)). 16 An intrusion upon seclusion claim “does not depend upon any publicity given to the person 17 whose interest is invaded or to his affairs.” Rest. (2d) of Torts § 652B, Comment a. Nor must the 18 intrusion be physical: 19 20 21 22 23 24 25 it may be performed by the use of the defendant's senses, with or without mechanical aids, to oversee or overhear the plaintiff's private affairs, as by looking into his upstairs windows with binoculars or tapping his telephone wires. It may be by some other form of investigation or examination into his private concerns, as by opening his private and personal mail, searching his safe or his wallet, examining his private bank account, or compelling him by a forged court order to permit an inspection of his personal documents. The intrusion itself makes the defendant subject to liability, even though there is no publication or other use of any kind of the photograph or information outlined. 26 Id., Comment b. California has adopted the Restatement’s two-prong formulation of intrusion 27 upon seclusion claims: “(1) intrusion into a private place, conversation or matter, (2) in a manner 28 highly offensive to a reasonable person.” Shulman, 18 Cal. 4th at 231. 42 1 “The tort is proven only if the plaintiff had an objectively reasonable expectation of 2 seclusion or solitude in the place, conversation or data source.” Id. Whether a legally protected 3 privacy interest is at stake is a question of law; whether a plaintiff has a reasonable expectation of 4 privacy and whether the defendant’s conduct is a serious invasion of privacy are mixed questions 5 of law and fact. See Hill v. Nat'l Collegiate Athletic Assn., 7 Cal. 4th 1, 39–40 (1994) (discussing 6 California constitutional invasion of privacy). “If the undisputed material facts show no 7 reasonable expectation of privacy or an insubstantial impact on privacy interests, the question of 8 invasion may be adjudicated as a matter of law.” Id. 9 The Court does not read the App Defendants to be contesting that Plaintiffs have a legally protectable privacy interest in their address books, nor do the App Defendants contest that the apps 11 United States District Court Northern District of California 10 intruded upon that interest. Instead, the App Defendants argue that Plaintiffs did not have a 12 reasonable expectation of privacy in the information, and that the intrusion was not sufficiently 13 offensive to give rise to a claim for intrusion upon seclusion. 14 15 1. Reasonable Expectation of Privacy A claim for intrusion upon seclusion is not viable unless the plaintiff had an “objectively 16 reasonable expectation of seclusion or solitude in the place, conversation or data source.” 17 Shulman, 18 Cal. 4th at 231. Several factors affect a person’s reasonable expectation of privacy. 18 Advance notice of an impending action, customs, practices, and physical settings may “create or 19 inhibit reasonable expectations of privacy.” Hill, 7 Cal. 4th at 36. “Finally, the presence or 20 absence of opportunities to consent voluntarily to activities impacting privacy interests obviously 21 affects the expectations of the participant.” Id. 22 Here, there are two types of alleged intrusions at issue. Plaintiffs allege that some apps 23 copied Plaintiffs’ address books without consent or any prompt. The Court finds that Plaintiffs’ 24 expectation of privacy in their address books contained on their iDevices in this circumstance was 25 reasonable. See, e.g., United States v. Zavala, 541 F.3d 562, 577 (5th Cir. 2008) (“[C]ell phones 26 contain a wealth of private information, including emails, text messages, call histories, address 27 books, and subscriber numbers. Zavala had a reasonable expectation of privacy regarding this 28 information.”); United States v. Cerna, No. 08-cv-0730-WHA, 2010 WL 5387694, at *6 (N.D. 43 1 Cal. Dec. 22, 2010) (citing Zavala) (“Luis Herrera had a reasonable expectation of privacy in the 2 contents of the seized phones as his physical possession of the cell phones created a reasonable 3 expectation of privacy in their contents.”); United States v. Chan, 830 F. Supp. 531, 534 (N.D. 4 Cal. 1993) (criminal defendant had expectation of privacy in contents of pager because “[t]he 5 expectation of privacy in an electronic repository for personal data is therefore analogous to that in 6 a personal address book or other repository for such information”). 7 Other apps, such as Gowalla and Instagram, copied address books only after they prompted 8 the user to “find friends” who use the same app by scanning Plaintiffs’ address books. See, e.g., 9 CAC ¶¶ 238, 317. The menu prompts notified users that the app would scan their address books. Although the prompts required Plaintiffs to consent, Plaintiffs' expectation of privacy in that 11 United States District Court Northern District of California 10 circumstance was still reasonable. Plaintiffs allege that they would not have consented had they 12 known that their apps would not only scan their address books to determine whether their friends 13 were using the same app, but then upload the address books to the app developer for other 14 purposes. Plaintiffs allege that their consent was obtained by fraud, and that their consent was 15 therefore invalid. See Rest. (2d) of Torts § 892B (1979) (“If the person consenting to the conduct 16 of another is induced to consent by a substantial mistake concerning the nature of the invasion of 17 his interests or the extent of the harm to be expected from it and the mistake is known to the other 18 or is induced by the other's misrepresentation, the consent is not effective for the unexpected 19 invasion or harm.”); Sanchez-Scott v. Alza Pharm., 86 Cal. App. 4th 365, 377–78 (2001) 20 (sustaining intrusion upon seclusion claim where doctor obtained consent of patient to breast 21 examination in front of a drug salesperson without disclosing salesperson was not a medical 22 professional). 23 Here, Plaintiffs allege that the App Defendants obtained their consent by misrepresenting 24 their purpose. That is, they allege that the App Defendants intentionally represented that they 25 would only “scan” Plaintiffs’ address books for purposes of the “find friends” feature without 26 disclosing that, at the same time, the app would transmit a copy of the address book to Defendants 27 for their own use. Taking the allegations in the CAC as true, the Court concludes that Plaintiffs’ 28 consent was invalid. Consequently, Plaintiffs had a reasonable expectation of privacy with respect 44 1 to the address books copied by each app at issue. 2 2. The App Defendants’ primary argument in support of their motion to dismiss Plaintiffs’ 3 4 Offensiveness intrusion upon seclusion claim is that the intrusion at issue is not “highly offensive.” Liability for intrusion upon seclusion will not lie “unless the interference with the 6 plaintiff's seclusion is a substantial one, of a kind that would be highly offensive to the ordinary 7 reasonable man, as the result of conduct to which the reasonable man would strongly object.” 8 Rest. (2d) of Torts § 652B, Comment d. “A court determining the existence of ‘offensiveness’ 9 would consider the degree of intrusion, the context, conduct and circumstances surrounding the 10 intrusion as well as the intruder's motives and objectives, the setting into which he intrudes, and 11 United States District Court Northern District of California 5 the expectations of those whose privacy is invaded.” Miller v. Nat'l Broad. Co., 187 Cal. App. 3d 12 1463, 1483–84 (1986). In evaluating a claim for invasion of California’s constitutional right to privacy, the iPhone 13 14 II court held that the surreptitious tracking of personal data and geolocation information was not 15 an “egregious breach of social norms.” 844 F. Supp. 2d at 1063. In coming to that conclusion, 16 that court relied primarily on the decision in Folgelstrom v. Lamps Plus, Inc., 195 Cal. App. 4th 17 986, 992 (2011). In Folgelstrom, the plaintiff alleged that the defendant retailer routinely asked 18 for customers’ zip codes, asked a credit agency to match their zip codes and credit card numbers to 19 home mailing addresses, and then engaged in mail marketing using the addresses. The court first 20 concluded that the plaintiffs did not have a legally protected private interest in their mailing 21 addresses. The court also held that the retailer’s conduct was not egregious, but “routine 22 commercial behavior.” Id. at 992. The decision in Folgelstrom is distinguishable.23 Here, Plaintiffs allege the theft of the 23 24 23 25 26 27 28 The App Defendants also argue that Folgelstrom limited intrusion upon seclusion claims to conduct that involves a highly offensive use of the private information. See Folgelstrom, 195 Cal. App. 4th at 993 (“[W]e have found no case which imposes liability based on the defendant obtaining unwanted access to the plaintiff's private information which did not also allege that the use of plaintiff's information was highly offensive.”). That passage from Folgelstrom is dicta, and the Court has been unable to locate any other decision 45 1 information in their personal contact lists, which is more private than a person’s mailing address. 2 And while the Court recognizes that attitudes toward privacy are evolving in the age of the 3 Internet, smartphones, and social networks, the Court does not believe that the surreptitious theft 4 of personal contact information — which is what the CAC alleges — has come to be qualified as 5 “routine commercial behavior.” Indeed, Plaintiffs allege that consumers, the media, the Federal 6 Trade Commission, and Congress have closely scrutinized the practices at issue in this case 7 because of concerns that the practices were inappropriate. 8 9 10 The Court cannot conclude as a matter of law that Defendants’ copying of Plaintiffs’ address books was not “highly offensive.” That question is best left for a jury. 3. Damages United States District Court Northern District of California 11 The App Defendants briefly argue that Plaintiffs have failed adequately to allege damages 12 from the alleged intrusion upon seclusion because they have failed to allege economic injury. No 13 such allegation is required. A plaintiff who prevails on an intrusion upon seclusion claim may 14 recover damages for “anxiety, embarrassment, humiliation, shame, depression, feelings of 15 powerlessness, anguish, etc.” Operating Engineers Local 3 v. Johnson, 110 Cal. App. 4th 180, 16 187 (2003) (quoting Miller v. National Broadcasting Co., 187 Cal. App. 3d 1463, 1485 (1986)). 17 18 For the foregoing reasons, the Court will deny the App Defendants’ motion to dismiss the Opperman Plaintiffs’ claim for intrusion upon seclusion. 19 20 21 22 23 24 25 26 27 28 that has applied the limitation; it was not relied upon, for example, in iPhone II. Moreover, unlike the Folgelstrom court, this Court has been able to locate cases which impose liability without an allegation of highly offensive use. For example, in Sanchez-Scott v. Alza Pharm., 86 Cal. App. 4th 365, 377–78 (2001), a patient adequately stated an intrusion upon seclusion claim where her doctor performed a breast examination in front of a pharmaceutical salesperson without revealing that the salesperson was not a medical professional. In that case, no “highly offensive use” was at issue, only the highly offensive manner in which the privacy interest was invaded. The Restatement also expressly disavows any such limitation. See Rest. (2d) of Torts § 652B, Comment b (“The intrusion itself makes the defendant subject to liability, even though there is no publication or other use of any kind of the photograph or information outlined.”) (emphasis added). 46 1 D. Invasion of Privacy: Public Disclosure of Private Facts The Opperman Plaintiffs also assert an invasion of privacy claim for public disclosure of 2 private facts. 3 The elements of a claim for public disclosure of private facts are: “(1) public disclosure, 4 (2) of a private fact, (3) which would be offensive and objectionable to the reasonable person, and 5 (4) which is not of legitimate public concern.” Taus v. Loftus, 40 Cal. 4th 683, 717 (2007) 6 (quotation omitted). Here, Plaintiffs have failed to allege a public disclosure. 7 The Restatement makes clear that Plaintiffs must allege disclosure to the public “at large”: 8 9 10 United States District Court Northern District of California 11 12 13 14 “Publicity,” as it is used in this Section, differs from “publication,” as that term is used in § 577 in connection with liability for defamation. “Publication,” in that sense, is a word of art, which includes any communication by the defendant to a third person. “Publicity,” on the other hand, means that the matter is made public, by communicating it to the public at large, or to so many persons that the matter must be regarded as substantially certain to become one of public knowledge. The difference is not one of the means of communication, which may be oral, written or by any other means. It is one of a communication that reaches, or is sure to reach, the public. 15 16 17 18 19 20 21 22 23 Thus it is not an invasion of the right of privacy, within the rule stated in this Section, to communicate a fact concerning the plaintiff's private life to a single person or even to a small group of persons. On the other hand, any publication in a newspaper or a magazine, even of small circulation, or in a handbill distributed to a large number of persons, or any broadcast over the radio, or statement made in an address to a large audience, is sufficient to give publicity within the meaning of the term as it is used in this Section. The distinction, in other words, is one between private and public communication. Rest. (2d) of Torts § 652D, Comment a (1977). Plaintiffs argue that they satisfy this standard because their address books were transmitted 24 in an unencrypted manner, or over public WiFi, “making it publicly available to third parties as 25 well as service providers.” ECF No. 422 at 27. That argument fails to meet the disclosure 26 27 28 requirement for this claim. While Plaintiffs allege that their information could have been intercepted by third parties, they do not allege that any interception occurred, nor do they allege that it was “substantially certain” that their address books would become “public knowledge.” To 47 1 satisfy the requirement, more specific allegations establishing the extent of the disclosure are 2 required. 3 For this reason, the Court will dismiss the Opperman Plaintiffs’ public disclosure claim. 4 E. 5 The Court’s analysis supra, Part III.D, concerning the California Comprehensive CDAFA and Computer Fraud and Abuse Act 6 Computer Data Access and Fraud Act (“CDAFA”), Cal. Penal Code § 502, applies equally to 7 Plaintiffs’ claims against the App Defendants. For the challenged conduct to qualify as “without 8 permission” under the CDAFA, the conduct must involve circumventing “restrictions on access” 9 of some kind. The CAC does not allege that the subject apps circumvented any restrictions. 10 Plaintiffs also assert a claim for violation of the federal Computer Fraud and Abuse Act United States District Court Northern District of California 11 (“CFAA”), 18 U.S.C. §§ 1030(a)(2)(C), (a)(5), & (g), against the App Defendants. Plaintiffs 12 concede that, like the CDAFA, the CFAA applies only to a defendant’s access to a computer 13 “without authorization,” and that this limitation must be interpreted similarly to the “without 14 permission” language in the CDAFA. See, e.g., iPhone I, 2011 WL 4403963, at *11 (“Where the 15 software that allegedly harmed the phone was voluntarily downloaded by the user, other courts in 16 this District and elsewhere have reasoned that users would have serious difficulty pleading a 17 CFAA violation.”). 18 Plaintiffs do not advance any new arguments concerning the “without authorization” 19 limitation in the CFAA, relying instead on their arguments concerning the CDAFA. 20 Consequently, the Court will dismiss both claims. 21 F. 22 The Federal Wiretap Act, or Electronic Communications Privacy Act (“ECPA”), 18 U.S.C. 23 § 2510, prohibits “interception” of “wire, oral, or electronic communications.” Id. § 2511(1). The 24 Act provides a private right of action against any person who “intentionally intercepts, endeavors 25 to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or 26 electronic communication,” id. § 2511(1)(a), or who “intentionally uses, or endeavors to use, the 27 contents of any wire, oral, or electronic communication, knowing or having reason to know that 28 the information was obtained through the interception of a wire, oral, or electronic communication Electronic Communications Privacy Act 48 1 in violation of [the Wiretap Act],” id. § 2511(1)(d). “Intercept” is defined as “the aural or other 2 acquisition of the contents of any wire, electronic, or oral communication through the use of any 3 electronic, mechanical, or other device.” Id. § 2510. 4 All Plaintiffs except Pirozzi assert an ECPA claim against the App Defendants. Judge 5 Gonzalez Rogers previously dismissed the ECPA claim in Hernandez for the same reason the App 6 Defendants seeks dismissal here: “The FAC fails to allege that Defendant intercepted any 7 communication contemporaneously with its transmission. Although Path allegedly transmitted the 8 Class Members' Contact Address Books from the Class Members' mobile devices to Path's servers, 9 Path did not ‘intercept’ a ‘communication’ to do so.” Hernandez, 2012 WL 5194120, at *3. Similarly, the Ninth Circuit has noted that “interception” means “‘communication 11 United States District Court Northern District of California 10 contemporaneous with transmission.’” Theofel v. Farey-Jones, 359 F.3d 1066, 1077 (9th Cir. 12 2004) (quoting Konop v. Hawaiian Airlines, Inc., 302 F.3d 868, 876 (9th Cir. 2002) (holding 13 unauthorized access to e-mail messages did not violate ECPA). “Specifically, Congress did not 14 intend for ‘intercept’ to apply to ‘electronic communications’ when those communications are in 15 ‘electronic storage.’” Id. (internal quotation marks omitted) (quoting Konop, 302 F.3d at 876). 16 Plaintiffs simultaneously “preserv[e] their disagreement with this court-generated rule in 17 the event it is later overturned,” ECF No. 422 at 24, and also advance the tortured argument that 18 the contemporaneous interception requirement is met here because the apps in question caused 19 Plaintiffs’ iDevices to “send information from the user’s Contacts from the iDevice’s storage 20 memory to processors and active memory being used by the app” and then “simultaneously 21 intercept[ed] that transmission.” Id. The decisions in Konop and Theofel are dispositive. In those 22 cases, the “transmission” Plaintiffs describe here as being “intercepted” —the use of data by 23 different memory components of the same device — was insufficient to give rise to an ECPA 24 claim. The Court will dismiss Plaintiffs’ ECPA claim. 25 G. 26 Plaintiffs’ claims under the California Invasion of Privacy Act, Cal. Pen. Code § 630, and Texas and California Wiretap Statutes 27 the Texas Wiretap Acts, Tex. Code Crim. Proc. Art. 18.20, § 1(3) & Tex. Pen. Code § 16.02(A), 28 state analogues to the ECPA, suffer from the same deficiency as their federal claim. Indeed, 49 1 Plaintiffs incorporate by reference their arguments concerning the ECPA with respect to those 2 claims, and do not present any other argument concerning the “interception” requirement in the 3 Texas and California statutes. The Court will dismiss those claims for the same reasons. See, e.g., 4 Hernandez, 2012 WL 5194120, at *5. 5 H. 6 The Texas Plaintiffs assert a claim for violation of Texas Penal Code section 31.03(a), Texas Theft Liability Act 7 which provides that a person commits theft: “if he unlawfully appropriates property with intent to 8 deprive the owner of property.” “Deprive” means “(A) to withhold property from the owner 9 permanently or for so extended a period of time that a major portion of the value or enjoyment of the property is lost to the owner; (B) to restore property only upon payment of reward or other 11 United States District Court Northern District of California 10 compensation; or (C) to dispose of property in a manner that makes recovery of the property by 12 the owner unlikely.” Tex. Pen. Code § 31.01(2)(A)–(C). Plaintiffs cannot satisfy the definition of “deprive” for purposes of their Texas Theft 13 14 Liability Act claim. Even if Plaintiffs have a property right in their address books, there is no 15 allegation that the App Defendants withheld the address books from Plaintiffs “permanently or for 16 so extended a period of time that a major portion of the value or enjoyment of the property” was 17 lost. Nor do Plaintiffs allege that the App Defendants offered to restore the address books for 18 payment, because no restoration is possible; the address books were copied. For the same reason, 19 Plaintiffs have not alleged that the App Defendants disposed of the property. Consequently, the 20 Court will dismiss the Texas Plaintiffs’ Texas Theft Liability Act claim. 21 I. 22 Plaintiffs “elect not to prosecute [their RICO and vicarious liability] claims at this time and RICO and Vicarious Liability 23 have no objection to their dismissal without prejudice as to” the App Defendants. As discussed 24 above with respect to Plaintiffs’ RICO claim against Apple, the Court construes Plaintiffs’ 25 statement as a Rule 41(a)(1)(A)(i) notice of voluntary dismissal, which is self-executing. 26 V. FACEBOOK AND GOWALLA’S MOTION TO DISMISS 27 App Defendants Facebook and Gowalla move to dismiss Plaintiffs’ claims against them 28 for violation of the Uniform Fraudulent Transfer Act (“UFTA”), Cal. Civ. Code § 3439, et seq., 50 1 for common law aiding and abetting, and for successor liability (as against Facebook only). Plaintiffs allege that “[i]n late 2011, Facebook conducted due diligence on Gowalla for a 2 3 contemplated business transaction with Gowalla and/or Gowalla’s owners. The contemplated 4 transaction involved transfer of all or substantially all of Gowalla’s assets, technology, know-how 5 or equity to Facebook.” CAC ¶ 414. According to the CAC, Facebook discovered that Gowalla’s 6 app had been copying users’ address books without consent and decided as a result to structure the 7 transaction differently. The resulting transaction transferred to Facebook Gowalla’s key 8 personnel, “technology” and “know-how.” CAC ¶ 416. “Facebook did not pay Gowalla 9 reasonably fair value for the Gowalla assets, technology, know-how or personnel. Facebook instead paid Gowalla’s shareholders and management for the company’s assets. On information 11 United States District Court Northern District of California 10 and belief, Facebook made payments of cash and/or Facebook pre-IPO stock to Gowalla’s 12 stockholders and management (instead of Gowalla) in consideration for this transaction.” CAC ¶ 13 417. The transaction left Gowalla “effectively headless, lacking independent (or any) continuing 14 management, and insolvent” CAC ¶ 418. The transaction was memorialized in a Release and Waiver Agreement submitted to the 15 16 Court under seal by Facebook and Gowalla.24 The Agreement demonstrates that Facebook 17 transferred a substantial amount of cash and pre-IPO shares to Gowalla, not to Gowalla’s 18 shareholders or owners. The Agreement also conveyed to Facebook a non-exclusive, royalty-free 19 license to Gowalla’s patents. It did not convey title to any of Gowalla’s intellectual property. 20 Finally, the Agreement permitted Gowalla to redistribute the shares Gowalla received under 21 certain conditions. Plaintiffs point out that the Agreement refers to several documents that are not 22 in the record, and that the Agreement does not provide the Court with any information concerning 23 how the contract was performed. 24 A. 25 “The [California] UFTA permits defrauded creditors to reach property in the hands of a Uniform Fraudulent Transfer Act 26 27 28 24 Because the CAC depends on the transaction at issue, the Court hereby takes judicial notice of the Agreement. See Swartz v. KPMG, LLP, 476 F.3d 756, 763 (9th Cir. 2007). 51 1 transferee.” Fid. Nat. Title Ins. Co. v. Schroeder, 179 Cal. App. 4th 834, 840–41 (2009). “A 2 fraudulent conveyance under the UFTA involves ‘a transfer by the debtor of property to a third 3 person undertaken with the intent to prevent a creditor from reaching that interest to satisfy its 4 claim.’” Filip v. Bucurenciu, 129 Cal. App. 4th 825, 829 (2005) (quoting Kirkeby v. Super. Ct., 5 33 Cal. 4th 642, 648 (2004). Under the California UFTA,25 a fraudulent transfer may be "actual" or "constructive." Cal. 6 Civ. Code § 3439.04(a). “In order for a fraudulent transfer to occur, among other things, there 8 must be a transfer of an asset as defined in the UFTA.” Schroeder, 179 Cal. App. 4th at 841 9 (emphasis in original). Under the Act, “transfer” is defined as “every mode, direct or indirect, 10 absolute or conditional, voluntary or involuntary, of disposing of or parting with an asset or an 11 United States District Court Northern District of California 7 interest in an asset, and includes payment of money, release, lease, and creation of a lien or other 12 encumbrance.” Cal. Civ. Code § 3439.01(i). An “asset” is, in turn, defined by the term 13 “property,” which is defined as “anything that may be the subject of ownership.” Cal. Civ. Code § 14 3439.01(a), (h). A creditor cannot premise a UFTA claim on a transfer unless the “the transfer 15 puts beyond [the creditor’s] reach property [the creditor] otherwise would be able to subject to the 16 payment of [] debt.” Mehrtash v. Mehrtash, 93 Cal. App. 4th 75, 80 (2001). 17 In addition, to establish an “actual” fraudulent transfer claim under Civil Code § 18 3439.04(a)(1), Plaintiffs must plead that Gowalla made a transfer with “actual intent to hinder, 19 delay, or defraud any creditor of the debtor.” Cal. Civ. Code § 3439.04(a)(1). When pleading 20 these elements, Plaintiffs must meet the heightened standards mandated by Rule 9(b) of the 21 Federal Rules of Civil Procedure. See In re SCI Real Estate Investments, LLC, No. 2:11-BK- 22 15975-PC, 2013 WL 1829648 (Bankr. C.D. Cal. May 1, 2013). 23 24 25 26 25 Facebook and Gowalla argue that Plaintiffs do not have standing to assert a California UFTA claim against them because they are not residents of California. The Court has already rejected that argument with respect to Apple’s motion to dismiss. Plaintiffs have standing to assert a California UFTA claim against Facebook and Gowalla, which are headquartered in California, for conduct that occurred in California. 27 28 As for the choice-of-law analysis, the parties agree that the California and Texas UFTA statutes do not conflict. Consequently, the Court will analyze California’s UFTA. 52 Here, Plaintiffs’ allegations do not establish that any transfer of assets occurred within the 2 meaning of the UFTA. Plaintiffs only describe generally what assets they assert were transferred: 3 personnel, “technology,” and “know-how.” Plaintiffs fail to address the requirement that the 4 transfer at issue put beyond Plaintiffs’ reach property they otherwise would be able to subject to 5 the payment of debt. There is no suggestion, for example, that Plaintiffs could not subject 6 Gowalla’s intellectual property, which Gowalla retained, to the payment of a future debt, or that 7 the license Gowalla conveyed to Facebook somehow impaired its ability to satisfy creditor claims. 8 Certainly Gowalla’s employees are not “assets” for purposes of the UFTA. The parties have cited 9 only one case to the Court on this point, Fink v. Advanced Logic Sys., Inc., A-5939-05T1, 2007 10 WL 3239222, at *7 (N.J. Super. Ct. App. Div. Nov. 5, 2007), and there, the court held that a non- 11 United States District Court Northern District of California 1 exclusive license to copyrighted work was not an asset for purposes of a New Jersey fraudulent 12 transfer.26 Because Plaintiffs have failed to allege a transfer of assets within the meaning of the 13 14 UFTA, their UFTA claim will be dismissed. 15 B. 16 Each claim asserted against Gowalla in this case is also asserted against Facebook by 17 virtue of successor liability. Under California law, a corporation that purchases the assets of 18 another does not assume the liabilities of the selling corporation unless: “(1) there is an express or 19 implied agreement of assumption, (2) the transaction amounts to a consolidation or merger of the 20 two corporations, (3) the purchasing corporation is a mere continuation of the seller, or (4) the 21 transfer of assets to the purchaser is for the fraudulent purpose of escaping liability for the seller's 22 debts.” Ray v. Alad Corp., 19 Cal. 3d 22, 28 (1977). Plaintiffs’ allegations on this point are 23 materially deficient because they have not alleged that Facebook acquired Gowalla, and, as 24 discussed above, they have failed to allege a transfer of assets. Indeed, the CAC expressly alleges 25 the opposite: that Facebook acquired employees and intellectual property rights, but not Gowalla Successor Liability 26 27 28 26 In briefing and at oral argument, Plaintiffs point to a Facebook securities filing and make other arguments based on facts not contained in the CAC. The Court declines to consider these arguments. 53 1 itself. There is no successor liability where no acquisition or fraudulent transfer has occurred. 2 3 See, e.g., Gee v. Tenneco, Inc., 615 F.2d 857, 862 (9th Cir. 1980) (“It is the general rule that 4 where a corporation is not dissolved following a sale of assets or a reorganization, it remains liable 5 for debts and liabilities incurred by it, unless it is otherwise agreed between the corporation and its 6 creditors.”). Consequently, Plaintiffs have failed to plead any claims against Facebook by virtue 7 of successor liability. C. 9 Facebook argues, and Plaintiffs do not contest, that Texas law applies to Plaintiffs’ claims 10 against it. ECF No. 394 at 6 n.6; ECF No. 434 at 2. Texas does not recognize a claim for “aiding 11 United States District Court Northern District of California 8 and abetting” as alleged in the CAC. Aiding and Abetting In Juhl v. Airington, 936 S.W.2d 640, 643 (Tex. 1996), the Texas Supreme Court declined 12 13 to adopt section 876 of the Restatement (Second) of Torts, which sets out a “concerted action” 14 theory of liability, noting that whether concerted action liability is recognized in Texas would 15 remain an “open question.”27 No subsequent case, however, has ever allowed such a claim. See 16 Eckhardt v. Qualitest Pharm. Inc., 858 F. Supp. 2d 792, 802 (S.D. Tex. 2012) (“It is an ‘open 17 18 27 Section 876 of the Restatement provides: 19 20 21 22 23 24 25 26 For harm resulting to a third person from the tortious conduct of another, one is subject to liability if he (a) does a tortious act in concert with the other or pursuant to a common design with him, or (b) knows that the other's conduct constitutes a breach of duty and gives substantial assistance or encouragement to the other so to conduct himself, or (c) gives substantial assistance to the other in accomplishing a tortious result and his own conduct, separately considered, constitutes a breach of duty to the third person. 27 28 Rest. (2d) of Torts, § 876 (1977). 54 1 question’ whether Texas law would even allow liability to be imposed based on § 876, and 2 Plaintiffs have not directed the Court to any Texas cases holding a defendant liable under § 876. It 3 is not the role of this Court, ‘Erie-bound,’ to expand Texas tort law.”).28 Plaintiffs’ aiding and abetting claim will be dismissed. 4 5 VI. CONCLUSION For the foregoing reasons, the Court hereby DISMISSES all of Plaintiffs’ claims against 6 7 all Defendants with leave to amend, with the exception of the Opperman Plaintiffs’ claim for 8 common law intrusion upon seclusion against the App Defendants. Plaintiffs have leave to file an 9 amended complaint within thirty days from the date of this Order. IT IS SO ORDERED. 10 United States District Court Northern District of California 11 Dated: May 14, 2014 ______________________________________ JON S. TIGAR United States District Judge 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Plaintiffs argue that because there is no case expressly prohibiting such a claim, Facebook’s motion to dismiss should be denied. This California federal court will decline Plaintiffs’ invitation to create new causes of action under the state law of Texas. 55 28