MEMORANDUM & ORDER
INTRODUCTION
A nationwide class of plaintiffs brings this action against JetBlue Airways Corporation (“JetBlue”), Torch Concepts, Inc. (“Torch”), Acxiom Corporation (“Acxiom”), and SRS Technologies (“SRS”) for alleged violations of the Electronic Communications Privacy Act of 1986 (“ECPA”), 18 U.S.C. § 2701, et seq. (1986), and violations of state and common law. Plaintiffs claim that defendants violated their privacy rights by unlawfully transferring their personal information to Torch for use in a federally-funded study on military base security. Plaintiffs seek a minimum of $1,000 in damages per class member, or injunctive relief to the extent that damages are unavailable, as well as a declaratory judgment. Defendants have moved to dismiss the Amended Complaint pursuant to Rule 12(b)(6) of the Federal Rules of Civil Procedure on the grounds that plaintiffs have failed to state a federal cause of action under the ECPA, that plaintiffs’ state law claims are federally preempted, and that plaintiffs have failed to state any claim under state law.
PROCEDURAL HISTORY
This case is a multidistrict consolidated class action. Initially, a total of nine putative class actions were brought, eight in the Eastern District of New York and one in the Central District of California, 1 on behalf of persons allegedly injured by Jet-Blue’s unauthorized disclosure of personally identifiable travel information. On February 24, 2004, the Judicial Panel on Multidistrict Litigation ordered, pursuant to 28 U.S.C. § 1407, that the action pending in the Central District of California be
*304 transferred to this Court for coordinated or consolidated pretrial proceedings with the actions already pending in this district. Since that time, five more cases have been joined in the action. 2 The consolidated class filed its Amended Complaint in this Court on May 7, 2004.
STATEMENT OF FACTS
Unless otherwise indicated, the following facts set forth in plaintiffs’ Amended Complaint are presumed to be true for purposes of defendants’ motions to dismiss. JetBlue has a practice of compiling and maintaining personal information, known in the airline industry as Passenger Name Records (“PNRs”), on each of its adult and minor passengers. Information contained in PNRs includes, for example, passenger names, addresses, phone numbers, and travel itineraries. (Am. Compl. ¶ 38; PL’s Mem. at 4-5.) The PNRs are maintained, or temporarily stored, on JetBlue’s computer servers, and passengers are able to modify their stored information. (Am. Comply 39.) Acxiom, a world leader in customer and information management solutions, maintains personally-identifiable information on almost eighty percent of the U.S. population, including many Jet-Blue passengers, which it uses to assist companies such as JetBlue in customer and information management solutions. (Id. ¶ 22; PL’s Mem. at 4.)
The personal information that forms the basis of JetBlue’s PNRs is obtained from its passengers over the telephone and through its Internet website during the selection and purchase of travel arrangements. In order to encourage the provision of personal information in this manner, JetBlue created a privacy policy which provided that the company would use computer IP addresses only to help diagnose server problems, cookies to save consumers’ names, e-mail addresses to alleviate consumers from having to re-enter such data on future occasions, and optional passenger contact information to send the user updates and offers from JetBlue. (Am.Compl^ 36.) The JetBlue privacy policy specifically represented that any financial and personal information collected by JetBlue would not be shared with third parties and would be protected by secure servers. JetBlue also purported to have security measures in place to guard against the loss, misuse, or alteration of consumer information under its control. (Id. ¶ 37.)
In the wake of September 11, 2001, Torch, a data mining company similar to Acxiom, presented the Department of Defense (“DOD”) with a data pattern analysis proposal geared toward improving the security of military installations in the United States and possibly abroad. Torch suggested that a rigorous analysis of personal characteristics of persons who sought access to military installations might be used to predict which individuals pose a risk to the security of those installations. (Id. ¶ 42.) DOD showed interest in Torch’s proposal and added Torch as a subcontractor to an existing contract with SRS so that Torch could carry out a limited initial test of its proposed study. The SRS contract was amended to include airline PNRs as a possible data source in connection with Torch’s study. (Id. ¶ 43.) Because Torch needed access to a large national-level database of personal information and because no federal agencies approached by Torch would grant access to their own governmental databases, Torch indepen *305 dently contacted a number of airlines in search of private databases that might contain adequate information tp serve its requirements. (Id. ¶¶ 43-^16.) These airlines declined to share their passengers’ personal information unless the Department of Transportation (“DOT”) and/or the Transportation Security Administration (“TSA”) were involved and approved of such data sharing. (Id. ¶ 46.)
Unable to obtain the data through its own devices, Torch asked members of Congress to intervene on its behalf with the airlines or federal agencies. (Id. ¶ 47.) Torch also contacted the DOT directly. (Id. ¶ 48.) Following a series of meetings, the DOT and the TSA agreed to assist Torch in obtaining consent from a national airline to share its passenger information. (Id. ¶ 51.) On July 30, 2002, the TSA sent JetBlue a written request to supply its data to the DOD, and JetBlue agreed to cooperate. (Id. ¶¶ 53-54.) In September 2002, JetBlue and Acxiom collectively transferred approximately five million electronically-stored PNRs to Torch" in connection with the SRS/DOD contract. (Id. ¶¶ 53, 55.) Then, in October 2002, Torch separately purchased additional data from Acxiom for use in connection with the SRS contract. This data was merged with the September 2002 data to create a single database of JetBlue passenger information including each passenger’s name, address, gender, home ownership or rental status, economic status, social security number, occupation, and the number of adults and children in the passenger’s family as well as the number of vehicles owned or leased. (Id. ¶ 56.) Using this data, Torch began its data analysis and created a customer profiling scheme designed to identify high-risk passengers among those traveling on JetBlue. (Id. ¶¶ 57-58.)
In- or about September 2003, government disclosures and ensuing public investigations concerning the data transfer to Torch prompted JetBlue Chief Executive Officer David Neelman to acknowledge that the transfer had been a violation of JetBlue’s privacy policy. (Id. ¶¶ 63, 65-66.) A class of plaintiffs whose personal information was among that transferred now brings this action against JetBlue, Torch, Acxiom, and SRS, seeking monetary damages, including punitive damages, and injunctive relief. (Id. ¶ 5.) Plaintiffs assert five causes of action against all defendants: (1) violation of the Electronic Communications Privacy Act of 1986 (“ECPA”), 18 U.S.C. § 2701, et seq., (2) violation of the New York General Business Law and other similar state consumer protection statqtes, (3) trespass to property, (4) unjust enrichment,.and (5) declaratory judgment. 3 In addition, plaintiffs bring a sixth claim for breach of contract against JetBlue. All defendants have moved for dismissal pursuant to Rule 12(b)(6) of the Federal Rules of Civil Procedure. Defendants argue that plaintiffs have failed to state a claim under federal or state law and that the state law claims asserted are expressly preempted by the Airline Deregulation Act, 49 U.S.C. § 41713(b) (1997), or impliedly preempted by the federal government’s pervasive occupation of the field of aviation security. The federal government filed a statement of interest arguing that no defendant violated the ECPA and urging dismissal of the federal claim.
DISCUSSION
I. Legal Standard for Rule 12(b)(6) Motion to Dismiss
In deciding a motion to dismiss pursuant to Rule 12(b)(6) of the Federal Rules of
*306
Civil Procedure for failure to state a claim upon which relief can be granted, a court must accept the factual allegations in the complaint as true and draw all reasonable inferences in favor of the plaintiff.
See Press v. Chemical Inv. Servs. Corp.,
II. Electronic Communications Privacy Act
Plaintiffs allege that all defendants violated § 2702 of the Electronic Communications Privacy Act of 1986 (“ECPA”), 18 U.S.C. § 2701, et seq. (1986), by divulging stored passenger communications without the passengers’ authorization or consent. 4 (Am.CompLIffl 74-84.) Section 2702 provides, in pertinent part, that:
(1) a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service ...
(2) a person or entity providing remote computing service to the public shall not knowingly divulge to any person or entity the contents of any communication which is carried or maintained on that service....
18 U.S.C. § 2702(a). The statute defines “electronic communication service” as “any service which provides to users the ability to send or receive wire or electronic communications.” 18 U.S.C. § 2510(15). The term “electronic communication” includes “any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by wire, radio, electronic, photoelectronic or photoptical system that affects interstate or foreign commerce.” 5 18 U.S.C. § 2510(12). “[R]emote computing service” refers to “the provision to the public of computer storage or processing services by means of an electronic communication system.” 18 U.S.C. § 2711(2).
Plaintiffs allege that the JetBlue Passenger Reservation Systems 6 constitute an “electronic communication service” within the meaning of the statute. (Am. Comply 76.) Plaintiffs argue that, on a Rule 12(b)(6) motion to dismiss, this Court should not go beyond this allegation in evaluating the merits of their claim. (Pl.’s Mem. at 12-13.) JetBlue, supported by a Statement of Interest filed by the federal government, counters that plaintiffs have failed to state a viable claim under the *307 ECPA, because § 2702 applies only to persons or entities providing a remote computing service or electronic communication service to the public and, as a commercial airline, it provides neither of these. Torch, Acxiom, and SRS argue that, for the same reasons, they too are outside the scope of § 2702. Plaintiffs’ claim against those defendants rests on a theory of aiding and abetting or conspiracy with Jet-Blue. (See Tr. of Oral Argument at 65.)
The starting point for statutory analysis is the plain meaning of the language of the statute.
United States v. Ripa,
This reading of the statute finds substantial support in the case law. Although the Second Circuit has not yet had occasion to construe the term “electronic communication service,” a number of courts in this and other circuits have done so, some in cases factually similar to this case. The weight of this persuasive authority holds that companies that provide traditional products and services over the Internet, as opposed to Internet access itself, are not “electronic communication service” providers within the meaning of the ECPA.
9
In
*308
Crowley v. Cybersource Corp.,
the court held that online merchant Amazon.com was not an electronic communication service provider despite the fact that it maintained a website and receives electronic communications containing personal information from its customers in connection with the purchase of goods.
Relying on these authorities, a number of courts have specifically addressed the applicability of the term “electronic communication service” to national airlines that operate on-line reservations systems similar to that maintained by JetBlue. Almost without exception,
10
those courts have concluded that the term does not encompass companies that sell air travel over the Internet but are not in the business of selling Internet access itself.
See Copeland v. Northwest Airlines Corp.,
No. 04-2156 MW (W.D.Tenn. Feb. 28, 2005) (agreeing with the reasoning of numerous courts that have found that the ECPA does not apply to businesses selling their products and services over the Internet);
Dyer v. Northwest Airlines Corporations,
Plaintiffs argue that the decisions in the Northwest Airlines cases are not persuasive because they rely on questionable and inapposite authorities. Specifically, plaintiffs observe that the cases rest heavily on
Crowley,
which in turn rests principally on
Andersen.
Because
Andersen
concerned a company that only provided e-mail services to a hired contractor for use in connection with a specific project, and because that company did not provide the general public with the ability to send or receive wire or electronic communications, plaintiffs argue that the import of the ease is limited to private communications loops
*309
and does not reach the JetBlue or Amazon.com models, which, through their websites, offer their products and services to the public at large. However, apart from considering the limited scope of the e-mail system at issue, the
Andersen
case also addressed the significance under the ECPA of the fact that Andersen, the hired contractor, could communicate with third-parties over the Internet using the e-mail capabilities provided by the defendant company. The court held that “[t]he fact that Andersen could communicate to third-parties over the Internet and that third-parties could communicate with it did not mean that [the hiring company] provided an electronic communication service to the public.”
Andersen,
Notably, the only court within the Second Circuit to have considered the meaning of the term “electronic communication service” reached a result similar to that in
Andersen
and
Crowley
without relying on those cases.
See In re Doubleclick Inc. Privacy Litigation, 154
F.Supp.2d 497 (S.D.N.Y.2001). Grounding its analysis in the wording of the statute itself, the
Doub-leclick
court began by identifying “Internet access” as the relevant “electronic communication service,” or “service which provides to users thereof the ability to send or receive wire or electronic communications.”
Id.
at 508. Examples of providers in the Internet world, the court determined, include such internet service providers as “America Online, Juno and UUNET, as well as, perhaps, the telecommunications companies whose cables and phone lines carry the traffic.”
Id.
at 511 n. 20;
see also Dyer,
Plaintiffs’ attempt to distinguish the case law is unavailing. They contend that
Doubleclick
and
Crowley
bear little if any relation to this case because the plaintiffs in those cases failed to allege that any party was a provider of an electronic communication service. (Pl.’s Mem. at 13; Tr. of Oral Argument at 40.) Although it is true that the plaintiffs in
Crowley
initially failed to make such an allegation, it is clear from the court’s opinion that they ultimately did argue that Amazon.com is an electronic communication service provider. That argument was considered by the court and rejected on the merits.
Crowley,
Based upon the foregoing, this Court finds as a matter of law that JetBlue is not an electronic communication service provider within the meaning of the ECPA. The Court notes plaintiffs’ argument that dismissal of the ECPA claim on a 12(b)(6) motion is premature because discovery is *310 needed to understand the flow of information between the potential airline customer and JetBlue but finds it unpersuasive. (Tr. of Oral Argument at 38, 42.) Regardless of how the data is stored and transmitted, plaintiffs have not alleged facts that could give rise to a finding that Jet-Blue is an electronic communication service provider within the meaning of the ECPA.
Plaintiffs have also failed to establish that JetBlue is a remote computing service. Plaintiffs simply make the allegation without providing any legal or factual support for such a claim. As discussed, the term “remote computing service” is defined in the ECPA as “the provision to the public of computer storage or processing services by means of an electronic communication system.” 18 U.S.C. § 2711(2). The statute’s legislative history explains that such services exist to provide sophisticated and convenient data processing services to subscribers and customers, such as hospitals and banks, from remote facilities. See S.Rep. No. 99-541 (1986), reprinted in 1986 U.S.C.C.A.N. 3555, 3564. By supplying the necessary equipment, remote computing services alleviate the need for users of computer technology to process data in-house. See id. Customers or subscribers may enter into time-sharing arrangements with the remote computing service, or data processing may be accomplished by the service provider on the basis of information supplied by the subscriber or customer. Id. at 3564-65. Although plaintiffs allege that JetBlue operates a website and computer servers (Am. Compile 36, 39), no facts alleged indicate that JetBlue provides either computer processing services or computer storage to the public. As such, under the plain meaning of the statute, JetBlue is not a remote computing service.
For the foregoing reasons, JetBlue as a matter of law is not liable under § 2702 of the ECPA. Because the sole basis for plaintiffs’ ECPA claim against Torch, Acx-iom, and SRS is an aiding and abetting or conspiracy theory, the claim against those defendants cannot stand absent liability on the part of JetBlue. Accordingly, all defendants’ motions to dismiss are granted with respect to the ECPA claim.
III. Supplemental Jurisdiction
In addition to the federal statutory claim, plaintiffs bring three state and common law claims against defendants Torch, Aexiom, and SRS and four state and common law claims against JetBlue. As a general rule, “where federal law claims are dismissed before trial, the state claims should be dismissed as well.”
Marcus v. AT&T Corp.,
In
Valencia,
the Second Circuit set forth factors that a district court should consider when deciding whether to exercise supplemental jurisdiction after all federal law claims have been dismissed from a case.
See Valencia,
In this case, defendants advocate the exercise of pendent jurisdiction on two grounds. First, defendants note that federal preemption doctrine is substantially implicated in the resolution of any state law claims. Although not determinative, this is “an important factor supporting the exercise of supplemental jurisdiction.”
Drake,
The Court concludes that the primacy of preemption questions raised, combined with the objectives underlying multi-dis-trict litigation, make it appropriate to exercise supplemental jurisdiction in this case. In addition, the case does not raise novel or unresolved questions of state law that are best reserved for state courts, nor does it implicate competing state policies or matters of state governance. Accordingly, the balance of factors set forth in
Valencia
counsels in favor of this Court’s retention of supplemental jurisdiction. The Court therefore accepts supplemental jurisdiction over the question of preemption as well as all state and common law claims that are not deemed preempted by federal law.
See Axess Intern., Ltd. v. Intercargo Ins.
*312
Co.,
IV. Federal Preemption of State and Common Laiu Claims
The Supremacy Clause of the United States Constitution provides that federal law “shall be the supreme Law of the Land; ... any Thing in the Constitution or Laws of any State to the Contrary notwithstanding.” U.S. Const. Art. VI, cl. 2. Accordingly, “[u]nder the doctrine of preemption, a corollary to the Supremacy Clause, any state or municipal law that is inconsistent with federal law is without effect.”
Greater New York Metro. Food Council, Inc. v. Giuliani,
There are two basic types of preemption, express and implied.
See Cipollone,
A. Express Preemption
The Airline Deregulation Act of 1978 (“ADA”) contains an express preemption clause, which provides that states “may not enact or enforce a law, regulation, or other provision having the force and effect of law related to a price, route, or service of an air carrier....” 49 U.S.C. § 41713(b) (1997). In this case, plaintiffs allege that the collection of certain of their personal information under a false promise of privacy violated New York General Business Law § 349 and other similar state statutes, and that dissemination of the same information without their knowledge or consent amounted to breach of contract, trespass to property, and unjust enrichment. Defendants argue that plaintiffs’ state and common law claims are all preempted by the express preemption provision of the ADA.
The Supreme Court has twice visited the question of express preemption by the ADA clause. First, in
Morales v. Trans
*313
World Airlines,
the Court determined that fare advertising provisions of guidelines promulgated by the National Association of Attorneys General (“NAAG”), which explained in detail how existing state laws applied to airline industry advertising and frequent flyer programs, were preempted.
Thereafter, in
American Airlines, Inc. v. Wolens,
the Supreme Court determined that the ADA clause also preempted claims under the Illinois Consumer Fraud and Deceptive Business Practices Act (“Consumer Fraud Act”), 815 Ill. Comp. State. § 505 (1992), concerning frequent flyer program modifications that devalued credits that members had already earned.
The
Wolens
court drew a distinction, however, based upon the nature of the claims advanced by the plaintiff. In concluding that a claim for breach of contract was not preempted, the Court determined, as a general rule, that the ADA does not preclude adjudication of a contractual claim where the suit seeks recovery “solely for the airline’s alleged breach of its own, self-imposed undertakings” and does not allege violation of any state-imposed obligations.
Id.
at 228,
In its most thorough analysis to date of the ADA preemption clause, the Second Circuit commented on the difficulty of applying the clause, noting that it sets forth an “illusory test” that defies bright line rules and can only be applied on a case-by-case basis. See
Abdu-Brisson v. Delta Airlines, Inc.,
This understanding led the Second Circuit to reverse a district court determination that the ADA preempted an age discrimination claim brought under state and city human rights laws.
See Abdu-Brisson,
For a claim to be preempted, however, the underlying state law need not expressly refer to air carrier rates, routes or services. Rather, as established by
Wolens
and Morales, a claim is preempted if application of the state rule of decision would have a significant economic effect upon airline rates, routes, or services.
United Airlines, Inc. v. Mesa Airlines, Inc.,
1. Neiv York General Business Law and Other State Consumer Protection Statutes
Plaintiffs claim that, in violation of the New York General Business Law and other consumer protection statutes,
12
all defendants engaged in unfair or deceptive acts and practices by knowingly and surreptitiously conspiring to obtain and by obtaining, maintaining, and manipulating class members’ personal data that was received in direct violation of JetBlue’s privacy policy. (Am.Compl.1ffl 93-94.) This claim fits squarely within the range of state law actions that the Supreme Court concluded, in
Wolens
and
Morales,
are expressly preempted by the ADA, because it represents a direct effort to regulate the manner in which JetBlue communicates with its customers in connection with reservations and ticket sales, both of which are services provided by the airline to its customers.
See In re Northwest,
Where a state law claim is said to relate to an airline service, courts in this and other circuits apply a tripartite test for preemption set forth in
Rombom v. United Air Lines, Inc.,
Applying the Rombom test to the facts of this case, the first prong is clearly satisfied. As this claim concerns the lawfulness of representations made by Jet-Blue in the course of communicating with potential passengers, the relevant activity for purposes of preemption analysis is the provision of reservations and the sale of tickets to travel with JetBlue. In arguing that the service in question is the disclosure of passenger data for use in a military base security study, plaintiffs misconstrue the issue. (See Pl.’s Mem. at 32-33.) The second prong is also met, as an attempt to regulate the representations and commitments that JetBlue makes in connection with reservations and ticket sales directly affects the airline’s provision of those services. Finally, the third prong is satisfied because the communication of company policy concerning data collection and disclosure is reasonably necessary to the facilitation of reservations and ticket sales. In this regard, it is important to note that although the unauthorized disclosure of plaintiffs’ personal information is at issue in this § 349 claim, the principal focus of the claim is the allegedly deceptive steps taken to obtain that information. Thus, the complained-of conduct did occur in the course of the provision of the service of reservations and ticket sales, and as stated, the communication of company policy with respect to collection and use of data obtained in the course of that service is reasonably related to the provision of the service. Because the Court finds that this claim is preempted based on its relation to JetBlue’s services, the Court need not address the argument that it is also preempted by virtue of its relation to JetBlue’s rates and routes.
2. Common Law Claims
In addition to the state statutory claims, plaintiffs bring a claim for breach of contract against JetBlue and claims for trespass to property and unjust enrichment against all defendants. As set forth below, none of these claims is preempted. The breach of contract claim falls within the exception carved out in Wolens for the enforcement of self-imposed contractual undertakings. Neither of the tort claims relates to JetBlue’s rates, routes, or services in the same way that the state statutory claim does.
a. Breach of Contract
The basis for plaintiffs’ breach of contract claim is the allegation that JetBlue’s published privacy policy constitutes a self-imposed contractual obligation by and between the airline and the consumers with whom it transacted business, including plaintiffs and the members of the class. (Am.CompU 88.) Plaintiffs further allege *317 that JetBlue breached this contract when it disclosed its passengers’ personal information, without their consent, in violation of its privacy policy. (Id. ¶ 90.) JetBlue argues that this claim is preempted because the Court will have to resort to external sources of law, including federal regulations, 13 to determine if the privacy policy became a term in the Contract of Carriage. (JetBlue Reply Mem. at 18-19.) JetBlue also argues that, if that the privacy statement is determined to constitute a contract, the Court will have to look outside the “terms” of that contract, to state law damages schemes, to determine recoverable damages. (JetBlue Mem. at 22; JetBlue Reply Mem. at 19.) In JetBlue’s view, “even a self-imposed undertaking that requires resort to state law to address its breach is, by that resort to state law, preempted.” (JetBlue Mem. at 22.)
These arguments are misplaced. In
Wolens,
the Supreme Court sought to preclude states from undoing federal deregulation of the airline industry. In carving out the exception for the enforcement of contracts, the Court recognized that the application of state law to honor private bargains does not threaten to undermine federal deregulation in the same way that enforcement of state public policy would.
See generally Fondo v. Delta Airlines, Inc.,
JetBlue’s suggestion that courts may never look to generalized canons of contract interpretation to determine the parameters of private agreements without implicating the doctrine of preemption is unsupportable. If JetBlue’s position were correct, there would be very little left of the
Wolens
exception, as most contractual arrangements that become the subject of litigation present some question that requires resort to general principles of state contract law. The critical distinction between principles of contract law that fall within and without the
Wolens
exception is whether they “seek to effectuate the intent of the parties rather than the State’s public policies.”
See In re EVIC Class Action Litigation, Inc.,
The relief plaintiffs seek in connection with the breach of contract claim is limited to actual damages.
14
(See
Am. Compl.
*318
¶ 91.) Resolution of this claim will require the Court to determine whether the privacy policy gave rise to a contractual obligation and, if so, what damages rules apply. These determinations must be made with reference to state law, but that state law does not impose any substantive standards with respect to airline rates, routes, or services.
See Wolens,
b. Trespass to Property
Plaintiffs allege that the transfer by Jet-Blue of data containing passengers’ personal information amounts to trespass to property. (Am.Compl^ 100.) To date, no federal court has specifically addressed the preemptive effect of the ADA clause on state law claims for trespass to property. 15 Defendants argue that “[t]he manner in which an airline handles and utilizes passenger information is intimately intertwined with its rates, routes, and services and is, in fact, regulated by federal law.” 16 (JetBlue Mem. at 19.)
The thrust of defendants’ argument with regard to rates and routes is that prevention of future terrorist attacks on military installations will protect the integrity of routes and avoid negative impacts on the financial prospects of air carriers. (See id. at 19-20.) More specifically, defendants claim that a successful military base security study could ultimately improve the safety of commercial air travel and possibly reduce rates to the extent that JetBlue is able to transfer the costs of certain security improvements to the federal government. (See Tr. of Oral Argument at 17-18.) Defendants further urge that “[i]n order for Plaintiffs to succeed in stating any common law claim, they must ... scrub historical context from all of Jet-Blue’s actions.... ” (JetBlue Reply Mem. at 13.) The historical context to which defendants allude begins, of course, with the events of September 11, 2001.
Although defendants raise emotionally compelling concerns about the potential of state tort liability to chill airline participation in security studies, they fail to establish how a claim for trespass to property that pertains to the dissemination of plaintiffs’ information directly relates to airline rates or routes. In pointing to the potential economic and safety benefits of a successful security study, the connection that plaintiffs suggest to rates and routes
*319
is attenuated at best. The Second Circuit has held that indirect effects on an airline’s competitive position do not meet the test for preemption of state law claims.
See Abdu-Brisson,
Defendants’ argument based on airline services also fails the
Rombom,
test.
Rombom,
As a final matter, the Court notes that defendants’ proffered justification for the dissemination of plaintiffs’ data is not the proper focus of preemption analysis under the ADA clause. Preemption analysis is based on the nature of the state law claim asserted by a plaintiff and its relation, if any, to airline rates, routes, and services, not the answer or affirmative defense asserted by the defendant.
See Parise v. Delta Airlines, Inc.,
c. Unjust Enrichment
Plaintiffs allege that all defendants in this case were unjustly enriched by the disclosure of confidential information concerning JetBlue passengers. (Pl.’s Mem. at 60.) Specifically, they claim that Jet-Blue received remuneration from Torch or another party in exchange for disclosing PNR data, and that the other defendants profited as contractors or subcontractors on the Department of Defense study as a *320 result of JetBlue’s contribution of the data. (Id. at 60-61; Am. Compl. ¶¶ 107-108.) Defendants make the very same preemption argument in connection with this claim as they make in connection with the trespass to property claim, that a successful military base security study could affect routes by improving the safety of commercial air travel and rates by transferring the cost of certain security improvements to the federal government.
Few federal courts have considered the preemptive effect of the ADA clause on claims for unjust enrichment. Of those that have, most found that the claims at issue directly related to air carrier rates or services and held those claims preempted.
See, e.g., Lehman v. USAIR Group, Inc.,
B. Implied Preemption
Because the information at issue in this case was turned over for a security study at the behest of a federal agency, defendants argue that plaintiffs’ claims are impliedly preempted by the federal government’s pervasive occupation of the field of aviation security. Field preemption occurs “if federal law so thoroughly occupies a legislative field as to make reasonable the inference that Congress left no room for the States to supplement it.”
Cipollone v. Liggett Group, Inc.,
“As is always the case in preemption analysis, Congressional intent is the ‘ultimate touchstone.’ ”
Freeman v. Burlington Broadcasters, Inc.,
In practice, “[i]t is often a perplexing question whether Congress has precluded state action or by the choice of selective regulatory measures has left the police power of the States undisturbed except as the state and federal regulations collide.”
Rice,
Defendants contend that a “mosaic of federal laws and regulations” evince an intent on the part of Congress for the federal government to completely occupy the field of aviation security and national security as it relates to the dissemination of passenger information by commercial airlines for the prevention of terrorist attacks.
(See
JetBlue Mem. at 23; JetBlue Reply Mem. at 23-24.) This mosaic begins with the creation of the Federal Aviation Agency, later renamed the Federal Aviation Administration (“FAA”), as an agency within the Department of Transportation. The FAA was created in the wake of a “series of fatal air crashes between civilian and military aircraft operating under separate flight rules,”
United States v. Christensen,
Defendants posit that federal regulatory control is particularly dominant in the area of aviation security. (JetBlue Mem. at 25.) In support, they cite several legislative enactments beginning with the 1961 passage of a statute criminalizing air piracy. Enacted immediately after the first hijacking of a U.S. commercial aircraft, this statute, combined with “related rules issued under the regulatory authority of the Administrator, provide[s] the basis for the antihijacking program.”
United States v.
*322
Davis,
After the bombing of Pan Am Flight 103 over Lockerbie, Scotland, Congress again amended the FAA Act by enacting the Aviation Security Improvement Act of 1990, Pub.L. No. 101-604, 104 Stat. 3066 (1990). This Act established a Director of Intelligence and Security in the office of the Secretary of Transportation and provided inter alia for security improvements at airports. Id. §§ 101, 103. The Act also called for the FAA Administrator to “establish and carry out a program to accelerate and expand the research, development, and implementation of technologies and procedures to counteract terrorist acts against civil aviation.” Id. § 107.
Following the terrorist attacks of September 11, 2001, Congress passed two free-standing statutes: the Aviation and Transportation Security Act, Pub.L. No. 101-71, 115 Stat. 597 (2001), and the Homeland Security Act of 2002, Pub.L. No. 107-296, 116 Stat. 2135 (2002). In addition to broadening authority for aviation security measures, the Aviation and Transportation Security Act transferred responsibility that previously fell upon the FAA to a newly created administrative body, the Transportation Security Administration (“TSA”). See 49 U.S.C. § 114. The Homeland Security Act removed the TSA from the Department of Transportation and placed it under the jurisdiction of the Department of Homeland Security, see Homeland Security Act § 403, which in defendants’ view emphasizes the role of the commercial airline industry in the realm of national security. The TSA is the entity that requested JetBlue provide its PNR data for use in the security study.
The TSA is specifically charged with management of security information. 49 U.S.C. § 114(h). Among its enumerated powers and responsibilities, it is tasked to “identify and undertake research and development activities necessary to enhance transportation security,” 49 U.S.C. § 114(f)(8), and to establish policies and procedures requiring air carriers to use information supplied by government agencies to identify high-risk passengers. 49 U.S.C. § 114(h)(3)(A). Notably, it also has specific Congressional authorization to “consider [in consultation with the Transportation Security Oversight Board] requiring passenger air carriers to share passenger lists with appropriate Federal agencies for the purpose of identifying individuals who may pose a threat to aviation safety or national security.” 49 U.S.C. § 114(h)(4). Presumably, after undertaking the appropriate consultative process, the TSA would have had authority to require JetBlue to share its passenger lists for use in the Torch security study. It bears noting that the TSA did not exercise that authority prior to the events at issue in this case and instead issued a request with which JetBlue voluntarily complied. The data transfer by JetBlue is therefore not insulated from state law liability as a result of any direct conflict with federal *323 regulatory action on this issue. 17
Defendants cite a host of additional functions entrusted to the TSA and other federal entities, 18 as well as a litany of security-related regulations enacted by the TSA, to round out the argument that the field of aviation security — particularly as it relates to information sharing among air carriers and federal agencies — is entirely preempted by federal law. Though only a small subset relates specifically to the collection and dissemination of passenger information, the breadth of these regulations and responsibilities is extensive.
Even if field preemption could be established in the area of aviation security — a question on which the Court expresses no final opinion at this time — it is at least an issue of fact, on the record now before the Court, whether or not the actions complained of in this case properly implicate the field of aviation security. Plaintiffs allege, and defendants do not dispute, that the purpose of the JetBlue data transfer was to support a study designed to prevent attacks on military installations following the September 11, 2001 attack on the Pentagon. According to plaintiffs’ Amended Complaint, Torch considered that data pattern analysis of personal characteristics of persons who sought access to military installations might help predict which persons pose a risk to the security of those installations. (Am.ComplV 42.) Although defendants suggest that the study specifically aimed to identify potential terrorists arriving by air in areas near military bases (JetBlue Mem. at 3), the facts pled only establish that a large, national level database was needed to assess the efficacy of Torch’s data analysis tool for predicting terrorist behavior, not that the database had to concern commercial airline passengers in particular. (See Am. Compl. ¶ 43.)
Indeed, according both to plaintiffs’ Amended Complaint and to an official report of the Department of Homeland Security (“DHS”) Privacy Office, Torch initially approached a number of federal agencies unrelated to aviation that operate governmental databases containing personal information suitable for use in testing its program. When each of those agencies refused to participate in the study, Torch turned its attention to commercial sources of personal information, including airlines and data aggregators which were thought to maintain databases containing adequate cross-sections of personal characteristics. (Id. ¶¶ 44-45; Department of Homeland Security Privacy Office, Report to the Public on Events Surrounding JetBlue *324 Data Transfer (“DHS Report”), Feb. 20, 2004, at 4). Unable to obtain the necessary personal information, Torch then turned to members of Congress, asking them to intervene on the company’s behalf with airlines or federal agencies. (Am Compl. ¶ 47.) Although the agency that ultimately became involved on Torch’s behalf was the TSA, and although the supplier of the database used happened to be JetBlue, the record before the Court does not establish that the study was inherently or necessarily focused on aviation-based threats to military base security or that data concerning commercial airline passengers was essential to advance the study’s purposes. Indeed, the official DHS Report found that “[wjhile one form of base security may have included preventing terrorist attacks by air directed at military installations, the overarching purpose was the prevention of unauthorized or unwanted entry onto military bases via a variety of forms of entry.” DHS Report at 5. The primary purpose of the study thus was something “other than transportation security.” Id. at 9.
The Court appreciates that JetBlue’s decision to cooperate with Torch was likely motivated, at least in part, by a legitimate interest in advancing efforts to reduce threats to aviation security. The fact that the TSA encouraged JetBlue’s involvement could well have been persuasive, and in the wake of September 11, 2001, the potential for hijacked commercial airliners to be used as instruments of attack on military bases can hardly be denied. Nonetheless, even if defendants were acting with the best of intentions and an eye to aviation security concerns, the record before the Court does not establish as a matter of law that the data transfer at issue in this case properly implicates the field of aviation security. At the very least, there is a question of fact about whether the complained of conduct implicates that field. And as plaintiffs argue, the Court simply cannot assume that Congress intended to relieve airlines of the state law consequences of everything an airline might believe it does for national security reasons, particularly where such conduct is neither mandated nor even permitted by any federal law.
Discovery would be needed to establish whether aviation security is the relevant field in which to ground implied preemption analysis. Accordingly, the issue of implied preemption cannot be resolved on a Rule 12(b)(6) motion to dismiss, and all state and common law claims other than that arising under the New York General Business Law will be addressed on their merits.
V. Failure to State a Claim Under State or Common Law
In addition to arguing that plaintiffs’ state and common law claims are preempted, defendants argue that plaintiffs have failed to state a cause of action for any claim under state law. The Court need not address the merits of the claim raised under the New York General Business Law and similar state statutes, as that claim is expressly preempted by the ADA. Each of the claims that survives preemption analysis is addressed in turn below. For purposes of resolving this motion, all parties agree that New York law applies. {See Tr. of Oral Argument at 9.)
A. Breach of Contract
JetBlue is the only defendant charged with breach of contract in this case. Plaintiffs allege that they made reservations to fly with JetBlue in reliance on express promises made by JetBlue in the company’s privacy policy. (PL’s Mem. at 50; Am. Compl. ¶ 93.) The substance of the contract alleged is therefore a promise by *325 JetBlue not to disclose passengers’ personal information to third parties. (Pl.’s Mem. at 48.) Plaintiffs allege that JetBlue breached that promise, thereby causing injury. (Id. at 51.)
An action for breach of contract under New York law requires proof of four elements: (1) the existence of a contract, (2) performance of the contract by one party, (3) breach by the other party, and (4) damages.
Rexnord Holdings, Inc. v. Bidermann,
With regard to the existence of a contract, plaintiffs contend that JetBlue undertook a “self-imposed contractual obligation by and between [itself] and the consumers with whom it transacted business” by publishing privacy policies on its website or otherwise disclosing such policies to its consumers. (See Am. Compl. ¶ 88.) Plaintiffs maintain that “these self-imposed public assurances ... created an obligation under the contract-of-carriage and a duty on the part of JetBlue and the persons with whom it did business not to act in derogation of JetBlue’s privacy policy....” (Id. ¶ 38.) JetBlue counters that its “stand-alone privacy statement” — which “could only be accessed and viewed by clicking on a separate stand-alone link” on the bottom of JetBlue’s website — is not a term in the contract of carriage. (JetBlue Mem. at 32 n. 19 & 33.) It further notes in this connection that “the entire transaction of purchasing transportation can be done on JetBlue’s website (or by phone or in person) without ever viewing, reading, or relying on JetBlue’s website privacy statement....” (Id. at 32 n. 19.) Although plaintiffs do allege that the privacy policy constituted a term in the contract of carriage, they argue alternatively that a stand-alone contract was formed at the moment they made flight reservations in reliance on express promises contained in JetBlue’s privacy policy. (See Am. Compl. ¶ 38; Pl.’s Mem. at 50-51.) JetBlue posits no persuasive argument why this alternative formulation does not form the basis of a contract.
JetBlue further argues that failure to allege that plaintiffs read the privacy policy defeats any claim of reliance.
(See
JetBlue Reply Mem. at 25.) Although plaintiffs do not explicitly allege that the class members actually read or saw the privacy policy, they do allege that they and other class members relied on the representations and assurances contained in the privacy policy when choosing to purchase air transportation from Jet-Blue. (Am.ComplJ 93.) Reliance presupposes familiarity with the policy. It may well be that some members of the class did not read the privacy policy and thus could not have relied on it, but the issue of who actually read and relied on the policy would be addressed more properly at the class certification stage. For purposes of this motion, the Court considers an allegation of reliance to encompass an allegation that some putative members of the class read or viewed the privacy policy. The Court recognizes that contrary authority exists on this point, but considers the holding in that case to rest on an overly narrow reading of the pleadings.
See In re Northwest,
JetBlue also argues that plaintiffs have faded to meet their pleading requirement with respect to damages, citing an absence of any facts in the Amended Complaint to support this element of the claim. Plaintiffs’ sole allegation on the element of contract damages consists of the statement that JetBlue’s breach of the company privacy policy injured plaintiffs and members of the class and that JetBlue is therefore liable for “actual damages in an amount to be determined at trial.” (Am.ComplJ 91.) In response to JetBlue’s opposition on this point, plaintiffs contend that the Amended Complaint is “replete” with facts demonstrating how plaintiffs were damaged (PL’s Mem. at 47), but cite to nothing more than the boilerplate allegation referenced above and another allegation in the Amended Complaint that they were “injured” (see Am. Compl. ¶ 5). At oral argument, when pressed to identify the “injuries” or damages referred to in the Amended Complaint, counsel for plaintiffs stated that the “contract damage could be the loss of privacy” (Tr. of Oral Argument at 52), acknowledging that loss of privacy “may” be a contract' damage. The support for this proposition was counsel’s proffer that he had never seen a case that indicates that loss of privacy cannot as a matter of law be a contract damage. In response to the Court’s inquiry as to whether a further specification of damages could be set forth in a second amended complaint, counsel suggested only that perhaps it could be alleged or argued that plaintiffs were deprived of the “economic value” of their information. Despite being offered the opportunity to expand their claim for damages, plaintiffs failed to proffer any other element or form of damages that they would seek if given the opportunity to amend the complaint.
The parties argued the issue of the sufficiency of damage allegations under New York state law. Based on this Court’s review of the cited state authorities, it seems plain that had supplemental jurisdiction been declined and had the cases brought in New York proceeded in state court, the contract actions would have been dismissed based upon state pleading rules.
See Smith v. Chase Manhattan Bank, USA, N.A.,
It is apparent based on the briefing and oral argument held in this case that the sparseness of the damages allegations is a direct result of plaintiffs’ inability to plead or prove any actual contract damages. As plaintiffs’ counsel concedes, the only damage that can be read into the present complaint is a loss of privacy. At least one recent case has specifically held that this is not a damage available in a breach of contract action.
See Trikas v. Universal Card Services Corp.,
Plaintiffs allege that in a second amended complaint, they could assert as a contract damage the loss of the economic value of their information, but while that claim sounds in economic loss, the argument ignores the nature of the contract asserted. Citing the hoary case of
Hadley v. Baxendale,
the Second Circuit reminded the parties to the case before it that “damages in contract actions are limited to those that ‘may reasonably be supposed to have been in the contemplation of both parties, at the time they made the contract, as the probable result of the breach of it.’ ”
Young,
Accordingly, plaintiffs having claimed no other form of damages apart from those discussed herein and having sought no other form of relief in connection with the breach of contract claim, JetBlue’s motion to dismiss the claim is granted.
B. Trespass to Property
Plaintiffs allege that defendants committed trespass to property by participating in the transfer of data containing their personal and private information. (Am.CompLf 100.) Because their claim concerns an alleged trespass to something other than real property, it is most accurately treated as a claim for trespass to chattels.
19
See generally Kronos, Inc. v. AVX Corp.,
Preliminarily, in order to sustain this cause of action, plaintiffs must establish that they were in possession of the PNR data that was transferred to Torch.
Kelman v. Wilen,
Under New York law, liability only obtains on this cause of action if a defendant causes harm to “the [owner’s] materially valuable interest in the physical condition, quality, or value of the chattel, or if the [owner] is deprived of the use of the chattel for a substantial time.”
Kuprewicz,
C. Unjust Enrichment
Plaintiffs claim that “[e]ach defendant was unjustly enriched by the disclosure of confidential information concerning JetBlue passengers.” (Pl.’s Mem. at 60.) In order to state a claim for unjust enrichment under New York law, a plaintiff must prove that (1) the defendant was enriched, (2) the enrichment was at plaintiffs expense, and (3) the circumstances were such that equity and good conscience require the defendant to make restitution.
Dolmetta v. Uintah Nat. Corp.,
As a threshold matter, the claim against Torch, Acxiom, and SRS must be dismissed for failure to allege a legally cognizable relationship between plaintiffs and those defendants. Under New York law, the cause of action for unjust enrichment falls under the umbrella of quasi-contract, or contract implied-in-law.
Michele Pommier Models, Inc. v. Men Women N.Y. Model Management, Inc.,
As to the first element in the claim against JetBlue, plaintiffs argue that defendants in this case engaged in the complained-of conduct for their own commercial benefit. (Am.Compl^ 107.) Plaintiffs speculate that JetBlue “received some form of remuneration from Torch or another party as a result of its disclosure of information.” (Pl.’s Mem. at 61.) However, according to JetBlue, the data was made available to Torch for no consideration at the request of the Transportation Security Administration (JetBlue Reply Mem. at 29), and the only benefit JetBlue derived was “the potential for increased safety on its flights and the potential to prevent the use of commercial airlines as weapons that target military bases.” (Jet-Blue Mem. at 39). Plaintiffs do not allege any facts to the contrary, and as JetBlue contends, plaintiffs may not create an issue of fact for purposes of surviving a motion to dismiss simply “by asserting a ‘belief that is supported by no reasonable inquiry, *330 information or fact.” (JetBlue Reply Mem. at 29.) Thus, plaintiffs have failed to establish that JetBlue was enriched by the complained-of conduct.
In addition, the circumstances of this case are not such that equity and good conscience require JetBlue to make restitution to this class of plaintiffs. Under New York law, the granting of equitable relief on a theory of unjust enrichment requires the “indispensable ingredient” of an injustice as between the two parties involved.
Banco Espirito Santo de Investimiento, S.A. v. Citibank, N.A.,
D. Declaratory Judgment
Plaintiffs seek a declaratory judgment stating that defendants violated the Electronic Communications Privacy Act, the New York General Business Law and other similar statutes listed in connection with the deceptive practices claims, as well as plaintiffs’ common law rights against trespass to property, invasion of privacy, 22 breach of contract, and unjust enrichment. As plaintiffs have failed to state viable claims against any defendant, this application is denied.
CONCLUSION
For the reasons set forth above, defendants’ Rule 12(b)(6) motions to dismiss are granted. The Clerk of the Court is directed to enter judgment in accordance with this Order.
SO ORDERED.
Notes
. The cases filed in the Eastern District of New York were: Florence v. JetBlue Airways Corp., et al., 03-CV-4847; Richman v. JetBlue Airways Corp., et al., 03-CV-4859; Hakim v. JetBlue Airways Corp., et al., 03-CV-4895; Seidband v. JetBlue Airways Corp., 03-CV-4933; Block v. JetBlue Airways Corp., 03-CV-4963; Singleton v. JetBlue Airways Corp., 03-CV-5011; Fleet v. JetBlue Airways Corp., 03-CV-5017; and Mortenson v. JetBlue Airways Corp., et al., 03-CV-5209. The case filed in ■ the Central District of California was Turrett v. JetBlue Airways Corp., 03-CV-6785.
. These cases include: Bauman v. JetBlue Airways Corp., et al., 03-CV-5091; Lee v. JetBlue Airways Coip., et al., 03-CV5330; Wites v. JetBlue Airways Corp., 03-CV-5629; Howe v. JetBlue Airways Corp., et al., 03-CV-5633; and Unger v. JetBlue Airways Corp., 04-CV-2094.
. Plaintiffs initially brought an additional claim for invasion of privacy against all defendants. That claim was withdrawn in response to defendants' motions to dismiss.
. Plaintiffs initially asserted a claim under § 2701 of the statute as well, but later withdrew that claim at oral argument on defendants' motions. (See Tr. of Oral Argument at 65.)
. The statute expressly excludes from the definition of "electronic communication”: (a) any wire or oral communication; (b) any communication made through a tone-only paging device; (c) any communication from a tracking device; and (d) electronic funds transfer information stored by a financial institution in a communications system used for the electronic storage and transfer of funds. 18 U.S.C. § 2510(12)(A)-(D).
.JetBlue maintains an Internet website through which passengers can select and purchase travel itineraries.
. Oft-cited examples include internet service providers such as America Online or Juno.
See, e.g., In re Doubleclick Inc. Privacy Litigation,
. JetBlue purchases its Internet access from a third party provider, a global distribution system called Open Skies. (See JetBlue Reply Mem. at 3-4 n. 2.)
. Although plaintiffs cite potentially countervailing authority that either implies or assumes the applicability of the ECPA to entities other than Internet service providers, the cases to which plaintiffs refer do not provide anything but passing consideration of § 2702 liability or the meaning of term "electronic communication service.”
See, e.g., In re Pharmatrak Privacy Litigation,
. The only case to reach a different result was a criminal case that had cause to consider American Airlines' status as a provider of an electronic communication service insofar as such stat.us pertained to the appellant's Fourth Amendment challenge to his conviction.
See United States
v.
Mullins,
. Other courts have been understandably reluctant to narrow the Supreme Court's preemption analysis in
Morales
based upon subsequent interpretations of the ERISA provision.
See United Airlines, Inc. v. Mesa Airlines, Inc.,
. Plaintiffs raise claims. under forty-nine state statutes prohibiting unfair and deceptive acts and practices. The New York General Business Law is among them. Also cited is the Minnesota Deceptive Trade Practices Act, which formed the basis of claims adjudicated in
In re Northwest,
. The federal regulations to which JetBlue refers concern incorporation by reference in a contract of carriage with an air carrier. 14 C.F.R. § 253.4. Given that preemption doctrine stands to guard against state regulation in an area reserved for federal law, it is unclear to the Court how reference to federal regulations implicates questions of preemption.
See generally Travel All Over The World,
. Although the Amended Complaint includes a prayer for injunctive relief and punitive damages, as well as a declaratory judgment, the section of the Amended Complaint dealing *318 with the breach of contract claim asserts only a prayer for actual damages. (See Am. Compl. ¶¶ 5, 91.)
. At least one court that took a decidedly broad view of the ADA clause in deeming a privacy claim preempted proceeded to address the plaintiffs’ trespass to property claim on the merits,
see In re Northwest,
. The federal law to which defendants refer does no more than govern reporting on passenger manifests in the event of disasters, see 49 U.S.C. § 44909; 14 C.F.R. Pt. 243, and correction of cargo manifests and air waybills in the event of shortages and overages, see 12 C.F.R. § 122.49(a) & (b).
. Regulations issued pursuant to Congressional authorization after litigation is commenced are also relevant to preemption analysis because they bear upon the issue of Congressional intent to occupy a field.
See French v. Pan Am Express, Inc.,
. In particular, defendants note that airlines operating flights to or from the United States must provide U.S. Customs with electronic access to their PNR databases so that Customs may obtain "any and all PNR data elements relating to the identity and travel plans of a passenger.” 19 C.F.R. § 122.49b. PNR data “that is made available to Customs electronically may, upon request, be shared with other Federal agencies for the purpose of protecting national security.” Id. There is no requirement for air carriers to collect any PNR information that they would not ordinarily collect on their own. Id.
. Plaintiffs do not oppose this construction, as evidenced by their Corrected Omnibus Opposition to Defendants' Motions to Dismiss. (See PL’s Mem. at 51.)
. This argument was rejected by the
In re Northwest
court which held, as a matter of law, that the PNRs in question were not the property of the class action plaintiffs.
In re Northwest,
. Plaintiffs merely claim, in their Memorandum of Law, that Acxiom, SRS, and Torch “each took on a quasi-contractual relationship with JetBlue's aggrieved passengers based on their disclosure and receipt of their personal information from JetBlue." (PL's Mem. at 62.)
. Presumably, this request is now withdrawn with respect to the invasion of privacy claim, which plaintiffs voluntarily dismissed.