305 F. Supp. 3d 1078
N.D. Cal.2018Background
- Plaintiff Michael Gonzales (a Lyft driver) sues Uber for using “Hell” spyware (2014–2016) to pose as Lyft riders, receive Lyft server responses, and thereby obtain Lyft drivers’ identifiers and precise geolocation data.
- Plaintiff alleges Uber used the data to map drivers, identify drivers who also used Uber, and direct profitable trips to them—reducing Lyft supply, increasing wait times, and decreasing driver earnings.
- Claims in the First Amended Complaint: Wiretap Act (ECPA), Stored Communications Act (SCA), CIPA (Cal. Penal Code §§ 632, 637.7), California CFAA/CDAFA (Cal. Penal Code § 502), California constitutional invasion of privacy, and UCL.
- Uber moved to dismiss all claims; Court heard argument and granted the motion with leave to amend for most claims, dismissing Section 637.7 CIPA claim without leave to amend.
- Key factual legal tensions: whether geolocation/ID info constitute “contents” of communications; whether Uber “intercepted” communications (contemporaneous acquisition); whether Lyft-stored data was in “electronic storage” under SCA; and whether drivers reasonably expected privacy or consented to tracking.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Wiretap Act — content (18 U.S.C. § 2511) | Geolocation, Lyft ID, availability and pricing are "contents" of drivers' communications | Such data are automatically generated record/metadata, not the communicative "contents" | Dismissed; plaintiff failed to allege contents (leave to amend limited to plausible content allegations) |
| Wiretap Act — interception | Uber intercepted drivers' communications by impersonating riders and capturing Lyft's responses | Uber acquired Lyft↔Uber communications, not contemporaneous transmissions from drivers, so no interception | Dismissed for failure to plead interception (leave to amend narrow) |
| Stored Communications Act (SCA) | Uber accessed Lyft-stored location data; access was unauthorized | Lyft servers store data permanently (not temporary/back-up) so SCA not implicated; access may have been unauthorized but storage element missing | Dismissed: plaintiff failed to plead "electronic storage" as defined; leave to amend to allege backup/temporary storage facts |
| CIPA § 632 (eavesdropping) | Uber surreptitiously collected messages Lyft sent (acting as riders) | § 632 protects eavesdropping on communications between two other parties; allegations do not show Uber listened to such confidential conversations | Dismissed as to § 632; plaintiff did not plead eavesdropping on confidential conversations (leave to amend denied for § 637.7 only) |
| CIPA § 637.7 (electronic tracking) | Uber used electronic tracking to determine drivers' locations without authorization | Drivers consented to phone tracking by using Lyft (consent in Lyft terms) | Dismissed without leave to amend: statutory consent exception applies on pleaded facts |
| Cal. CDAFA (§ 502) | Uber knowingly accessed Lyft systems and data without permission in violation of § 502 subdivisions | Allegations are boilerplate; must plead specific unauthorized access to plaintiff’s computer/system and concrete misuse | Dismissed for failure to satisfy Rule 8; leave to amend to plead specific conduct |
| California constitutional invasion of privacy | Uber obtained home addresses and detailed schedules—serious privacy invasion | Drivers consented to sharing location with Lyft and cannot reasonably expect privacy; alleged harms not shown to be egregious | Dismissed for failure to plead reasonable expectation and egregious invasion; leave to amend |
| UCL (unlawful/unfair conduct) | Uber’s conduct reduced Lyft driver supply and caused lost earnings/wait times—economic injury | Uber argues other claims fail, but economic injury not established | UCL claim survives: plaintiff plausibly alleged lost money/property from decreased earnings and standing |
Key Cases Cited
- In re Zynga Privacy Litig., 750 F.3d 1098 (9th Cir.) (distinguishes content from automatically generated record information)
- United States v. Reed, 575 F.3d 900 (9th Cir.) (call-detail information is non-content)
- Konop v. Hawaiian Airlines, 302 F.3d 868 (9th Cir.) ("intercept" requires acquisition during transmission, not in storage)
- Theofel v. Farey-Jones, 359 F.3d 1066 (9th Cir.) (SCA storage definitions and scope)
- United States v. Smith, 155 F.3d 1051 (9th Cir.) ("acquisition" ordinary meaning guidance)
- In re iPhone Application Litigation, 844 F. Supp. 2d 1040 (N.D. Cal.) (geolocation data treated as non-content; privacy disclosure analysis)