ORDER GRANTING IN PART AND DENYING IN PART DEFENDANTS’ MOTIONS TO DISMISS
Re: ECF Nos. 393, 394, 395, 396
THIS DOCUMENT RELATES TO ALL CASES
I. Background... 1029
A. The App Store... 1031
B. The Subject Apps... 1032
C. Apple’s Representations... 1034
II. Legal Standards... 1034
III. Apple’s Motion to Dismiss... 1036
A. Article III Standing.. .1036
B. Communications Decency Act... 1042
C. Misrepresentation Claims... 1045
D. California Comprehensive Computer Data Access and Fraud Act... 1053
E. Strict Products Liability: Design Defect and Failure to Warn... 1054
F. Negligence... 1055
G. RICO... 1055
H. Aiding and Abetting... 1055
IV. App Defendants’ Motions to Dismiss ...1055
A. Article III Standing... 1055
B. Plaintiffs’ UCL Claims... 1058
C. Invasion of Privacy: Intrusion Upon Seclusion... 1058
D. Invasion of Privacy: Public Disclosure of Private Facts... 1061
E. CDAEA and Computer Fraud and Abuse Act.. .1062
G. Texas and California Wiretap Statutes ...1063
H. Texas Theft Liability Act... 1064
I. RICO and Vicarious Liability...^
V. Facebook and Gowalla’s Motion to Dismiss... 1064
A. Uniform Fraudulent Transfer Act.. .1065
B. Successor Liability.. .1066
C. Aiding and Abetting... 1067
VI. Conclusion... 1067
Before the Court are four motions to dismiss filed by Defendants in this action. The operative Consolidated Amended Class Action Complaint (“CAC”), ECF No. 362, collects the claims of fifteen plaintiffs
1. BACKGROUND
Plaintiffs bring this action on their own behalf, on behalf of an “iDevice Class,” composed of all purchasers of Apple’s iDevices between July 10, 2008 and the present who downloaded the App Defendants’ apps, and on behalf of three subclasses: the “Malware Subclass,” the “Address Book Subclass,” and the “Texas Subclass.” CAC ¶ 48. The Malware Subclass comprises those who downloaded the subject apps. The Address Book Subclass comprises those in the Malware Subclass whose iDevice, without requesting prior approval, “transmitted,. disclosed, and/or disseminated the iDevice’s mobile address book (or substantial portions thereof) over the Internet and/or to third-parties” due to the subject apps.
The CAC asserts several overlapping claims against different Defendants on behalf of different Plaintiffs. In total, the CAC asserts the following statutory claims: violation of California’s Unfair Competition, Law (“UCL”), Cal. Bus. & Prof.s Code § 17200, et seq.; violation of California’s False and Misleading Advertising Law (“FAL”), Cal. Bus. & Prof.s Code § 17500, et seq.; violation of California’s Consumer Legal Remedies Act (“CLRA”), Cal. Civ.Code § 1750, et seq.; violation of the California Comprehensive Computer Data Access and Fraud Act (“CDAFA”), Cal. Pen.Code § 502;' violation of California’s Wiretap / Invasion of Privacy Act, Cal. Pen.Code § 630, et seq.; violation of the Uniform Fraudulent Trans
The following chart shows which claims each Plaintiff asserts against each Defendant:
Cause of Action On Behalf of Against
1. UCL All Plaintiffs Apple
2. UCL Opperman Plaintiffs Apple
3. UCL Plaintiffs Except Pirozzi App Defendants
4. FAL All Plaintiffs. Apple
5. FAL Opperman Plaintiffs Apple
6. CLRA All Plaintiffs Apple
7. CLRA Oppennan Plaintiffs Apple
8. Negligent Misrepresentation All Plaintiffs Apple
9. Negligent Misrepresentation Opperman Plaintiffs Apple
Cause of Action On Behalf of Against
10 CDAFA Plaintiffs Except Pirozzi All Defendants
11 CFAA Plaintiffs Except Pirozzi App Defendants
12 ECPA Plaintiffs Except Pirozzi App Defendants
13 Wiretap/Invasion of Privacy Act CAD Plaintiffs4 Foodspotting, Instagram, Path, Twitter, and Yelp
14 Texas Wiretap Acts Texas Plaintiffs5 App Defendants
15 Intrusion Upon Seclusion Opperman Plaintiffs App Defendants
16 Public Disclosure of Private Facts Opperman Plaintiffs App Defendants
17 Conversion Plaintiffs Except Pirozzi All Defendants
18 Trespass to Property Opperman Plaintiffs All Defendants
19 Texas Theft Liability Act Texas Plaintiffs App Defendants
20 Misappropriation Opperman Plaintiffs App Defendants
21 Strict Products Liability: Design Defect Opperman Plaintiffs Apple
22 Strict Products Liability: Failure to Warn Opperman Plaintiffs Apple
23 NegligencePlaintiffs Except Pirozzi All Defendants
24 Uniform Fraudulent Transfer Act Gowalla Plaintiffs Gowalla and Facebook
25 RICO Opperman Plaintiffs All Defendants
26 Secondary and Vicarious Liability Opperman Plaintiffs All Defendants
The following summary of Plaintiffs’ allegations is taken from the complaint. As it must, the Court accepts the CAC’s allegations as true for purposes of this motion.
A. The App Store
Apple launched the App Store in 2008, and heavily promoted it in conjunction with its iDevices. CAC ¶ 57. The promotion was successful: the App Store today has over 700,000 apps for iPhone and iPod touch, and 275,000 apps for the iPad. Since 2008, customers have downloaded over forty billion apps. Id.
Apple maintains “exclusive domain” and “ultimate control” over the App Store’s offerings. iDevices are designed only to accept apps from the App Store, and Apple decides which apps will be offered, and which will not. CAC ¶ 60. iDevices also come with pre-programmed apps built into the device’s operating system. Among those apps is Apple’s “Contacts” app — a virtual address book. The App Store is another one. CAC ¶ 61. Neither of these built-in apps can be removed by the user.
“Apple claims to review each application before offering it to its users, purports to have implemented apps privacy standards, and claims to have created a strong privacy protection for its customers.” CAC
Apple is “notorious for complete control over its products.” CAC ¶ 87. App developers must submit their apps to Apple for review, and Apple decides whether to offer them on the App Store. To be eligible for inclusion, third-party app developers must register with Apple and agree to the iOS Developer Agreement (“IDA”) and the Program License Agreement (“PLA”), as well as pay a yearly registration fee. CAC ¶ 87-89. Apple reserves the right to reject apps for any reason, and has explicitly reserved the right to reject apps that breach the licensing agreements, provide Apple with inaccurate documents or information, or violate, misappropriate, or infringe the rights of a third party. CAC ¶ 90. After joining the program, app developers use Apple’s software development kit (“SDK”), which provides guidelines and tools for app development. CAC ¶ 91.
The App Store Review Guidelines prohibit the transmission of user data without prior permission. CAC ¶¶ 101, 104. However, Plaintiffs allege that Apple’s “iOS Human Interface Guidelines” encourage data theft. The guidelines are meant to guide developers as they create apps for the App Store. Apple tells developers, “don’t force people to give you information you can easily find for yourself, such as their contacts or calendar information,” and “[i]f possible, avoid requiring users to indicate their agreement to your [end user license agreement] when they first start your application. Without an agreement displayed, users can enjoy your application without delay.” CAC ¶ 212 (emphasis omitted).
Plaintiffs allege that “Apple taught Program registrants’ to incorporate forbidden data harvesting functionalities — even for private “contacts” — into their Apps and encouraged Program registrants to design those functions to operate in non-discernible manners that would not be noticed by the iDevice owner. These App Defendants, apparently in accord with Apple’s instructions, did just that with their identified Apps.” CAC ¶ 214.
Similarly, Plaintiffs allege: “Apple’s Program tutorials and developer sites [] teach Program registrants how to code and build apps that non-consensually access, manipulate, alter, use and upload the mobile address books maintained on Apple iDeviees.” CAC ¶ 190.
B. The Subject Apps
Plaintiffs allege that each of the App Defendants developed an app that copied iDevice users’ contact information without the user’s consent. In February 2012, it was revealed that App Defendant Path’s app, also called “Path,” was uploading users’ contacts and calendar information to its servers without users’ knowledge. Path’s CEO publicly apologized after the practice was made public. CAC ¶ 110.
Plaintiffs allege that several popular apps, including those designed by each App Defendant, have accessed and uploaded user data without consent. In some of these cases, the apps accessed user data without any prompt at all. See CAC ¶¶ 112, 136. Path is one such app. In other cases, the apps “surreptitiously accessed and uploaded information from users’ Contacts app through a ‘Find Friends’ feature without disclosing to users that the feature would leave their private information vulnerable to unauthorized download by the
The public revelations concerning third parties’ access to users’ private information led Congressmen Waxman and But-terfield to write to Apple and to thirty-four app publishers in February and March of 2012, asking for more information about the practice. CAC ¶¶ 115-17
The February letter to Apple noted that Apple’s website at that time represented that iDevice apps “have access to a device’s global data such as contacts in the Address Book,” while Apple’s review guidelines required app developers to gain users’ permission prior to transmitting data about a user. CAC ¶ 115. The letter continues:
In spite of this guidance, claims have been made that “there’s a quiet understanding among many iOS app developers that it is acceptable to send a user’s entire address book, without their permission, to remote servers and then store it for future reference. It’s common practice, and many companies likely have your address book stored in their database.” One blogger claims to have conducted a survey of developers of popular iOS apps and found that 13 of 15 had a “contacts database with millions of records” — with one claiming to have a database containing “Mark Zuck-erberg’s cell phone number, Larry Ellison’s home phone number and Bill Gates’ cell phone number.
Id. In March 2012, Senator Schumer called for an investigation by the Federal Trade Commission. CAC ¶ 118. In September 2012, Apple released iOS 6, which updated privacy settings on iDevices in a manner that discloses which apps access users’ contacts, calendars, reminders, photos, and other personal information, and allows users a way to prevent certain apps from accessing certain information. CAC ¶ 120.
The following chart outlines the apps each Plaintiff alleges he or she downloaded and deployed:
[[Image here]]
Plaintiffs allege that “Apple has repeatedly represented that Apple’s products are safe and secure, and that private information could not be accessed by third-party apps without the user’s express consent.” CAC ¶ 64. Throughout the CAC, Plaintiffs identify representations Apple has made on its website, in in-store advertisements, and otherwise, to the effect that iOS is “highly secure,” sometimes in particular with respect to the accessing of data by apps from other apps. See CAC ¶¶ 102-04,121-123.
For example, when the App Store first launched, Apple’s former CEO Steve Jobs explained, “[t]here are going to be some apps that we’re not going to distribute. Porn, malicious apps, apps that invade your privacy.” CAC ¶ 92. Plaintiffs allege that Apple repeated this refrain continuously during the launch of the App Store, and publicly took action consistent with these goals. See CAC ¶¶ 93-98. In October 2007, Jobs stated: “It will take until February to release an SDK because we’re trying to do two diametrically opposed things at once — provide an advanced and open platform to developers while at the same time protect iPhone users from viruses, malware, privacy attacks, etc. As our phones become more powerful, these malicious programs will become more dangerous.” CAC ¶ 94. At an SDK press conference on March 6, 2008, Jobs repeated that Apple would place limitations on third party apps for “malicious” and “illegal” content in order to address “privacy” concerns. CAC ¶ 93. Apple also “famously refused to integrate Adobe Flash technology” despite user demands. Jobs explained in April 2010 that this decision was made “because of reliability, security, and performance concerns.” CAC ¶ 97. “In sum, Apple has attempted to cultivate a perception that its products are safe and that Apple strives to protect users.” CAC ¶ 99.
In September 2011, Apple’s website stated that “iOS 4 is highly secure from the moment you turn on your iPhone. All apps run in a safe environment, so a website or app can’t access data from other apps.” CAC ¶ 102. Apple also assured consumers that, for data-security purposes, “Applications on the device are ‘sandboxed’ so they cannot access data stored by other applications.” CAC ¶ 209.
Apple’s “customer privacy policy” states that Apple takes “precautions — including administrative, technical, and physical measures — to safeguard your personal information against loss, theft, and misuse, as well as against unauthorized access, disclosure, alteration, and destruction.” CAC ¶ 122.
Plaintiffs further allege that “[f|rom 2008 to the present, the highest levels of Apple (from its founder to its current CEO to its corporate spokespersons) have so consistently expressed publicly that Apple protects its customers’ and iDevice owners’ security and privacy that — though inaccurate — it is ingrained into the image of Apple’s culture, products and offerings as well as in the minds of customers.” CAC ¶ 211.
Plaintiffs allege they saw and relied on Apple’s website, in-store advertisements, and television advertising in purchasing their iDevices, and that they would have paid less for their devices, or not purchased them at all, had they known they were vulnerable to privacy attacks. See CAC ¶ 125-26.
II. LEGAL STANDARDS
On a motion to dismiss, the Court accepts the material facts alleged in the complaint, together with all reasonable inferences to be drawn from those facts, as
To survive a motion to dismiss, a plaintiff must plead “enough facts to state a claim to relief that is plausible on its face.” Bell Atlantic Corp. v. Twombly,
In addition, fraud claims are subject to a heightened pleading standard. “In alleging fraud or mistake, a party must state with particularity the circumstances constituting fraud or mistake.” Fed. R.Civ.P. 9(b). The allegations must be specific enough to give a defendant notice of the particular misconduct alleged to constitute the fraud such that the defendant may defend against the charge. Semegen v. Weidner,
Finally, a “Rule 12(b)(1) jurisdictional attack may be facial or factual. In a facial attack, the challenger asserts that the allegations contained in a complaint are insufficient on their face to invoke federal jurisdiction. By contrast, in a factual attack, the challenger disputes the truth of the allegations that, by themselves, would otherwise invoke federal jurisdiction.” Safe Air for Everyone v. Meyer,
III. APPLE’S MOTION TO DISMISS
Apple moves to dismiss all of Plaintiffs’ claims' on Article III standing grounds, as well as each of Plaintiffs’ substantive claims for failure to state a claim upon which relief can be granted. Because Article III standing is a threshold jurisdictional question, the Court will first address Apple’s Rule 12(b)(1) motion to dismiss on the grounds that Plaintiffs lack Article III standing. See Steel Co. v. Citizens for a Better Env.,
A. Article III Standing
1. Legal Standards
To establish Article III standing, a plaintiff in federal court must meet three requirements. First, the plaintiff must have suffered an “injury in fact” — an invasion of a legally protected interest which is (a) concrete and particularized and (b) actual or imminent, not conjectural or hypothetical. Second, there must be a causal connection between the injury and the conduct complained of — the injury has to be fairly traceable to the challenged action of the defendant, and not the result of the independent action of some third party not before the court. Third, it must be likely, as opposed to merely speculative, that the injury will be redressed by a favorable decision. Lujan v. Defenders of Wildlife,
The standing requirements are not pleading requirements. Rather, “each element must be supported in the same way as any other matter on which the plaintiff bears the burden of proof, i.e., with the manner and degree of evidence required at the successive stages of the litigation.” Id. at 561,
In addition, even when a plaintiff is able to establish Article III standing, prudential considerations may preclude the exercise of federal jurisdiction. A plaintiffs claim must fall within the “zone of interests” sought to be protected by the statute or constitutional provision in question. Bond v. United States, — U.S. -,
Finally, in a class action, it is not sufficient for any named plaintiff to rely on
2. Injury-in-Fact and Causation
Despite the presence of fifteen' named Plaintiffs and fifteen Defendants, and the assertion of twenty-six causes of action, Plaintiffs’ case is rather simple. Plaintiffs allege that Apple sold them devices that made it possible for third parties to access and copy Plaintiffs’ address books without their knowledge. Plaintiffs allege, with respect to Apple, that they suffered injury in the form of having overpaid for their iDev-ices, because they would have paid less for their devices, or not purchased them at all, if Apple had disclosed that it had failed adequately to secure the devices from the alleged intrusion.
In denying Apple’s second motion to dismiss Plaintiff Pirozzi’s
Nevertheless, Apple argues that Plaintiffs have not satisfied the causation requirement because no Plaintiff has identified the specific representations made by Apple that form the basis of their overpayment theory of liability. The CAC makes the following allegations concerning Apple’s alleged misrepresentations and Plaintiffs’ reliance:
[EJach Plaintiff viewed Apple’s online, in-store, and/or television advertisements. In addition, each Plaintiff relied on Apple’s reputation for safety, cultivated through Apple’s extensive marketing and advertising campaigns. Each Plaintiff purchased an iDevice with the expectation that (i) it would come with a fully functioning App Store, and (ii) that Plaintiff would be able to utilize the “Contacts” function and iDevice apps from the App Store without compromising the security, safety, or control of Plaintiffs iDevice, mobile address book, or other personal and private information. Indeed, each Plaintiff purchased an iDevice with the expectation that he or she would maintain a mobile address book and receive and use additional add-on apps on his or her iDevice. Had any Plaintiff known that iDevices lacked promised features or that Apple designed the iDevices with known vulnerabilities to unauthorized operations from Apple-issued [third-party] apps, Plaintiffs would not have accepted add-on apps from Apple or the App Store andwould have paid less for his or her ¡Device. At no time prior to the purchase of Plaintiffs’ ¡Device did Apple warn any Plaintiff that the ¡Device and its data— particularly the Contacts feature and mobile address book — were vulnerable to unauthorized control and dissemination by third-parties.
CAC ¶ 32.
Apple’s standing argument fails to appreciate that “the threshold question of whether plaintiff has standing (and the court has jurisdiction) is distinct from the merits of his claim. Rather, ‘[t]he jurisdictional question of standing precedes, and does not require, analysis of the merits.’ ” Maya v. Centex Corp.,
For the Court to have jurisdiction over Plaintiffs’ claims, their alleged injury must be “ ‘fairly traceable’ ” to Apple, and not the result of the “‘independent action of some third party not before the court.’ ” Lujan v. Defenders of Wildlife,
Apple makes several more arguments concerning the merits of Plaintiffs’ claims, including that Plaintiffs have failed to allege their address books were actually uploaded,
Finally, relying on In re LinkedIn User Privacy Litig.,
Apple misreads Linkedln and the cases upon which the Linkedln court relied. The deficiency in the Linkedln plaintiffs’ standing was that they were pleading only a difference between what they had been promised by Linkedln and what they had received, i.e., a breach of contract. In re LinkedIn User Privacy Litig.,
More relevant here is the decision in In re Toyota Motor Corp.,
When the economic loss is predicated solely on how a product functions, and the product has not malfunctioned, the Court agrees that something more is required than simply alleging an overpayment for a “defective” product.... [T]hat “something more” could be allegations based on market forces. It could also be based on sufficiently detailed, non-conclusory allegations of the product defect.
Id. at 1165 n. 11.
Here, the Court finds that Plaintiffs’ allegations concerning the offending feature of the product — design that enables third parties to take address book information without consent — supply the “something more” that is required. Whether Plaintiffs’ product liability claims state a claim upon which relief can be granted is a separate question the Court addresses below.
Separately, Plaintiffs allege injury-in-fact to their property rights in their address books, as distinct from the economic injury of overpayment for their ¿Devices, as support for their common law conversion and trespass claims. The Court discusses this allegation in connection with the App Defendants’ motion to dismiss in more detail infra, Part IV.A. For the reasons discussed in that section, the Court finds that Plaintiffs lack Article III standing based on any injury to their property rights in their address books. For this reason, the Court will dismiss Plaintiffs’ common law claims against Apple for conversion and trespass.
3. Non-Resident Plaintiffs
Apple also argues that the nonresident Plaintiffs lack standing to assert California statutory claims. That argument “conflate[s] two issues: the extraterritorial application of California consumer protection laws (or the ability of a nonresident plaintiff to assert a claim under California law), and choice-of-law analysis.... ” Forcellati v. Hyland’s, Inc.,
Apple’s arguments here were recently rejected by Judge Wilken in another case arising out of Apple’s marketing activities. See In re iPhone 4S Consumer Litig., No. 12-cv-1127-CW,
Apple relies heavily on Sullivan v. Oracle Corp.,
The Court notes that Apple has not argued that the Court should apply the law of each plaintiffs home state to her claims, and the Court does not reach the question of whether it should. The Court only concludes that it is constitutional for
B. Communications Decency Act
Apple moves to dismiss all of Plaintiffs’ claims against it, except those premised on Apple’s alleged misrepresentations, on the ground that the Communications Decency Act (“CDA”), 47 U.S.C. § 230, bars Plaintiffs’ claims. Section 230(e)(1) provides: “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” Section 230(c)(2) provides:
No provider or user of an interactive computer service shall be held liable on account of—
(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or
(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in [section 230(c)(1) ].
Pursuant to the Act, an “interactive computer service” is “any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server, including specifically a service or system that provides access to the Internet and such systems operated or services offered by libraries or educational institutions.” 47 U.S.C. § 230(f)(2). An “information content provider” is “any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service.” 47 U.S.C. § 230(f)(3).
Congress, enacted these provisions as part of the Communications Decency Act of 1996 “for two basic policy reasons: to promote the free exchange of information and ideas over the Internet and to encourage voluntary monitoring for offensive or obscene material. Carafano v. Metrosplash.com, Inc.,
Nevertheless, neither section 230(c) nor any other subsection in the CDA “declares a general immunity from liability deriving from third-party content.” Barnes v. Yahoo!, Inc.,
Determining whether a defendant is a “publisher” requires further definition of that term. The Ninth Circuit has held that “publication involves reviewing, editing, and deciding whether to publish or to withdraw from publication third-party content.” Id. at 1102. “[A] publisher reviews material submitted for publication, perhaps edits it for style or technical fluency, and then decides whether to publish it.” Id. Despite Plaintiffs’ arguments to the contrary,
By contrast, the CDA does not bar claims against “information content providers.” An entity “that is responsible, in whole or in part, for the creation or development” of the allegedly offending information is not entitled to the CDA’s protection. “Development” refers “not merely to augmenting the content generally, but to materially contributing to its alleged unlawfulness.” Fair Hous. Council of San Fernando Valley v. Roommates.Com, LLC,
Prior to the relation of Plaintiff Pirozzi’s action against Apple to the above-captioned Opperman action, Apple moved to dismiss Pirozzi’s claims pursuant to the same provisions of the CDA.' Judge Gonzalez Rogers denied Apple’s motion on two bases. First, she found that Pirozzi’s fraud and misrepresentation claims against Apple arising out of Apple’s conduct or failure to disclose were “not predicated solely upon Apple’s approving and distributing Apps via its online App Store.” Pirozzi v. Apple Inc.,
Here, Apple expressly excludes from its CDA argument any application to Plaintiffs’ fraud and misrepresentation claims, in recognition of Judge Gonzalez Rogers’ first conclusion. With respect to her second conclusion, Apple argues that the CAC, which reproduces many of the allegations in Pirozzi and supplements them with others, contains sufficient allegations from which the Court can now conclude that the CDA bars the remainder of Plaintiffs’ claims against Apple. Plaintiffs again maintain that resolution of the CDA issue must await a later stage of the case.
The cases do not describe a one-size-fits all rule for when to apply the CDA. In some cases the applicability of the CDA is “apparent from the face of the complaint”; in others, it is not. Evans v. Hewlett-Packard Co., No. 13-cv-02477-WHA,
For example, Plaintiffs allege that Apple’s “iOS Human Interface Guidelines” encourage data theft. The guidelines are meant to guide developers as they create apps for the App Store. Among the guidelines are several suggestions that do, on their face, appear to encourage the practices Plaintiffs complain of in this case. For example, Apple tells developers, “don’t force people to give you information you can easily find for yourself, such as their contacts or calendar information,” and “[i]f possible, avoid requiring users to indicate their agreement to your [end user license agreement] when they first start your application. Without an agreement displayed, users can enjoy your application without " delay.” CAC ¶ 212 (emphasis omitted). Based on these passages from the guidelines, Plaintiffs allege: “Apple taught Program registrants’ to incorporate forbidden data harvesting functionalities— even for private “contacts” — into their Apps and encouraged Program registrants to design those functions to operate in non-discernible manners that would not be noticed by the iDevice owner. These App Defendants, apparently in accord with Apple’s instructions, did just that' with their identified Apps.” CAC ¶214. Similarly, Plaintiffs allege: “Apple’s Program tutorials and developer sites [] teach Program registrants how to code and build apps that non-eonsensually access, manipulate, alter, use and upload the mobile address books maintained on Apple iDeviees.” CAC ¶ 190.
These allegations target conduct that goes beyond the traditional editorial functions of a publisher, and beyond providing “neutral tools to carry out what may be unlawful or illicit” conduct.
C. Misrepresentation Claims
Apple groups as “misrepresentation claims” Plaintiffs’ UCL, FAL, CLRA, and negligent misrepresentation claims. Apple argues that each claim fails as a matter of law because, according to Apple, “not once in the 166-page pleading does a single Plaintiff identify any specific misrepresentation that he or she actually saw and relied upon in purchasing an Apple device.” ECF No. 395 at 23.
Plaintiffs’ misrepresentation claims are subject to Rule 9(b)’s requirement that fraud claims be pleaded with particularity.
Plaintiffs must also adequately plead injury and causation. To have standing under the UCL, a plaintiff must have suffered an injury in fact and “lost money or property as a result of such unfair competition.” Hall v. Time Inc.,
Nevertheless, “[w]hile a plaintiff must show that the misrepresentation was an immediate cause of the injury-producing conduct, the plaintiff need not demonstrate it was the only cause.” In re Tobacco II Cases,
1. Specific Representations
In many consumer fraud cases, courts require a plaintiff to identify and describe the specific alleged misrepresentations that each plaintiff saw or heard, and upon which each plaintiff relied. Indeed, in granting Apple’s first motion to dismiss Plaintiff Pirozzi’s complaint, Judge Gonzalez Rogers held that Pirozzi’s failure to “provide the particulars of her own experience reviewing or relying upon any” of the misrepresentations identified in her complaint was fatal to her claims. Pirozzi I,
Having again examined Pirozzi’s allegations, the Court now concludes that its prior decision regarding reliance was in error. In her Second Amended Complaint, Pirozzi alleged that Apple’s website contained the same representations discussed here, including the representation that “[a]ll apps run in a safe environment, so a website or app can’t access data from other apps.”
The CAC suffers from the same defect. It repeats the identical allegations made in Pirozzi’s Second Amended Complaint, and repeats the allegation that Pirozzi “viewed the Apple website.” CAC ¶¶ 121-25. In the next paragraph, the CAC further alleges: “Likewise, each of the other Plaintiffs visited Apple’s website.... ” What the CAC fails to do is connect any specific Plaintiff to any specific representation. The Court now concludes, even reading the complaint in the light most favorable to Plaintiffs, that Plaintiffs have failed to allege that any one of them saw any particular representation.
2. Pleading a Long-Term and Extensive Advertising Campaign
Recognizing that the few specific representations relied upon by this Court in denying Apple’s second motion to dismiss Pirozzi’s complaint form a narrow basis upon which to base this action, Plaintiffs now largely rest their misrepresentation claims on a different basis: that Apple allegedly engaged in a long-standing, widespread advertising campaign that created a reputation for safety and reliability. In re Tobacco II,
The named plaintiffs in In re Tobacco II alleged that the tobacco industry defendants conducted “a decades-long campaign of deceptive advertising and misleading statements about the addictive nature of nicotine and the relationship between tobacco use and disease.” Id. at 306,
In Whiteley, the California Court of Appeal affirmed a jury verdict in favor of the plaintiff, the husband of a woman who was a smoker and died of lung cancer. The tobacco industry defendants argued on appeal that the plaintiff had failed to present sufficient evidence of reliance to support the verdict. In particular, the defendants argued, as Apple does here, “that the evidence did not show that Whiteley heard any specific misrepresentation or false promise made by either defendant.” They further argued: “ ‘it is not enough that the plaintiff heard the alleged misrepresentation at some unidentified time from some unidentified source. Instead, the plaintiff must identify a specific misrepresentation that was actually communicated to the plaintiff (directly or indirectly).’ ” Id. at 680,
Relying on section 533 of the Restatement Second of Torts, the court held that the trial court had correctly instructed the jury on this question as follows: “One who makes a misrepresentation or false prom
were intended to reassure smokers and potential smokers about the health hazards of smoking and to convey that safety message. That was exactly the message Whiteley received. Defendants’ and their agents’ multifarious misrepresentations regarding the unsettled state of knowledge and the unreliability of any link between cigarette smoking and serious disease were made with the intention and expectation that these misrepresentations would circulate among and influence the conduct of all smokers and prospective smokers. They were heard by or passeasd on to Whitel[e]y, who believed them.
Id. at 681-82,
While several courts have considered whether to apply Tobacco II so as to relieve an individual plaintiff of the need to plead that she viewed and relied on a specific misrepresentation, the cases in the aggregate do not define any bright line rules. A review of the jurisprudence, however, has led the Court to identify the following factors in determining whether to apply Tobacco II.
First, to state the obvious, a plaintiff must allege that she actually saw or heard the defendant’s advertising campaign. See, e.g., Pfizer Inc. v.Super. Ct., 182 Cal.App.4th 622, 632,
Second, the advertising campaign at issue should be sufficiently lengthy in duration, and widespread in dissemination, that it would be unrealistic to require the plaintiff to plead each misrepresentation she saw.and relied upon. Compare Tobacco II,
Third, a plaintiff seeking to take advantage of the exception should describe in the complaint, and preferably attach to it, a “representative sample” of the advertisements at issue in order adequately to notify the defendant of the precise nature of the misrepresentation claim — that is, what, in particular, the defendant is alleged to have said, and how it was misleading. For example, in Children’s Television,
Fourth, the degree to which the alleged misrepresentations contained within the advertising campaign are similar to each other, or even identical, is also an important factor,
Fifth, in the absence of specific misrepresentations, a complaint subject to Rule 9(b)’s requirements should plead with particularity, and separately, when and how each named plaintiff was exposed to the advertising campaign. It is not sufficient to plead as a group, nor is it sufficient simply to allege general exposure without more detail. The facts in In re Tobacco II contained such detail. So too in Morgan v. AT & T Wireless Servs., Inc.,
AT & T moved to dismiss because the plaintiffs had failed to identify specific misrepresentations. The court held that the allegations supported the plaintiffs’ various misrepresentation claims, including the UCL, CLRA, FAL, and common law fraud, because the plaintiffs
were not required, as AT & T asserts, to plead the specific advertisements or representations they relied upon in making their decisions to purchase the T68i.... Although the advertising campaign alleged in this case was not as long-term a campaign as the tobacco companies’ campaign discussed in Tobacco II, it is alleged to have taken place over many months, in several different media, in which AT & T consistently promoted its GMS/GPRS network as reliable, improving, and expanding.
Id. In the context of the common law fraud claim, the court again observed: “where a fraud claim is based upon numerous misrepresentations, such as an advertising campaign that is alleged to be misleading, plaintiffs need not allege the specific advertisements the individual plaintiffs relied upon; it is sufficient for the plaintiff to provide a representative selection of the advertisements or other statements to indicate the language upon which the implied misrepresentations are based.” Id. at 1262,
The detail the Court requires here ensures that the advertisements at issue are representations that consumers were likely
Sixth, the court must be able to determine when a plaintiff made her purchase or otherwise relied in relation to a defendant’s advertising campaign, so as to determine which portion of that campaign is relevant. Representations made prior to purchase are relevant to a plaintiffs claim; ones made after are not. Consequently, a plaintiff should describe, to the best of her ability, (1) when the product was purchased, (2) the timeframe of the advertisements at issue, and (3) when the plaintiff was exposed to the advertisements.
These factors are merely one court’s attempt to harmonize the developing jurisprudence of false advertising claims. Future decisions from the California state and federal courts may reveal additional factors, or demonstrate that some of those just listed are not helpful.- Nevertheless, these are the factors the Court has been able to identify.
Applying them here, the Court finds that Plaintiffs have not adequately alleged a long-term advertising campaign of the kind that would excuse them from pleading specific reliance. Although Plaintiffs allege a long-term advertising campaign, they fail to do so with the level of detail that has led other courts to allow such claims to proceed.
First, as set forth above, it is not clear that any of the plaintiffs were actually exposed to Apple’s advertising campaign.
Second, although the CAC alleges with sufficient specificity the length of the advertising campaign at issue — it alleges that the campaign began at least by 2008 and continued up through the filing of the CAC — it does not contain sufficient detail concerning the esetent of the advertising. It is unclear from the CAC how often the advertisements were published, or in which media. Without more detail, the Court cannot conclude that it would be “unrealistic” to require Plaintiffs to plead with specificity their exposure to each alleged misrepresentation.
Third, and relatedly, Plaintiffs have not attached or described a “representative sample” of the advertisements at issue. Instead of cursory allegations that Apple “repeatedly represented that Apple’s products are safe and secure, and that private information could not be accessed by third-party apps without the user’s express consent,” CAC ¶ 64, Plaintiffs should describe in detail, or attach, advertisements that they contend are typical of the advertising campaign at issue. The Court is mindful that Plaintiffs have identified some specific representations contained on Apple’s website, or made by Apple’s employees, including its former and current CEOs. But it is not enough. After reading the complaint asserted against it, a defendant should be able to understand which advertising is alleged to be misleading, and how it is misleading, so that it may prepare a defense and identify in discovery the remainder of the advertising at issue — and just as importantly, that advertising which is not at issue. It is only through this process that the parties will be able to cabin, and then narrow, the scope of the litigation in succeeding stages. Because Plaintiffs have failed to allege in sufficient detail the nature of the advertisements, the Court finds that the CAC does not adequately notify Apple of the precise nature of the misrepresentation claims asserted against it.
Fifth, Plaintiffs do not separately allege in any detail how they were exposed to Apple’s advertising campaign. It is not enough merely to allege that Plaintiffs “viewed Apple’s website, saw in-store advertisements, and/or [were] aware of Apple’s representations regarding the safety and security of the iDevices prior to purchasing their own iDevices.” CAC ¶ 126.
Finally, without engaging Apple’s attempts to develop a factual record at the pleading stage, the Court is mindful of the fact that Plaintiffs have not alleged when they purchased their devices, other than to allege they were all purchased prior to February 2012. Consequently, even if Plaintiffs adequately address the other deficiencies in the CAC, it would still be difficult for the Court to conclude that Plaintiffs were exposed to the advertising at issue prior to purchasing their iDevices without more detailed allegations concerning the chronology of events for each Plaintiff in this case.
3. Failure to Disclose
Plaintiffs argue in the alternative that their misrepresentation claims are viable because Apple had an affirmative duty to disclose material facts of which it had exclusive knowledge, i.e., the vulnerability of Plaintiffs’ iDevices to the theft of their address books by third party apps, rendering it unnecessary for Plaintiffs to identify any misrepresentations.
“As the Ninth Circuit has recently cautioned, in the context of product defect claims, ‘California courts have generally rejected a broad duty to disclose.’ ” Donohue v. Apple, Inc.,
Plaintiffs argue that their non-disclosure claims fit into each of the last three categories. Because the Court has already determined above that Plaintiffs. do not adequately identify Apple’s alleged misrepresentations, only the second and third categories are at issue.
But Plaintiffs’ failure to disclose claims have a separate problem: “ ‘[a] manufacturer’s duty to consumers is limited’ to its warranty obligations absent either an affirmative misrepresentation or a safety issue.’ ” Donohue,
Because Plaintiffs have failed to plead with particularity the specific representations upon which they relied, have failed adequately to plead a long-term and extensive advertising campaign, and have failed to satisfy the requirements for a pure nondisclosure or concealment claim, the Court will grant Apple’s motion to dismiss Plaintiffs’ UCL, FAL, CLRA, and negligent misrepresentation claims, with leave to amend.
D. California Comprehensive Computer Data Access and Fraud Act
The California Comprehensive Computer Data Access and Fraud Act (“CDAFA”), Cal.Penal Code § 502, “expand[s] the degree of protection afforded to individuals, businesses, and governmental agencies from tampering, interference, damage, and unauthorized access to lawfully created computer data and computer systems.” Id. § 502(a). Every Plaintiff except Pirozzi asserts a claim against Apple for violation of the CDAFA. The CDAFA imposes liability, inter alia, on any person who
(1) Knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network in order to either (A) devise or execute any scheme or artifice to defraud, deceive, or extort, or (B) wrongfully control or obtain money, property, or data.
(2) Knowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external to a computer, computer system, or computer network....
(6) Knowingly and without permission provides or assists in providing a means of accessing a computer, computer system, or computer network in violation of this section.
(7) Knowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network.
(8) Knowingly introduces any computer contaminant into any computer, computer system, or computer network.
Id. § 502(c)(1),(2),(6)-(8). The CDAFA authorizes the owner of the computer “who suffers damage or loss by reason of a violation of any of the provisions of subdivision (c) [to] bring a civil action against the violator for compensatory damages and injunctive relief or other equitable relief.” Id. § 502(e)(1).
Apple moves to dismiss on sevetal grounds. As an initial matter, the Court notés that, to the extent Plaintiffs’ theories of liability under the CDA FA derive from Apple’s “reviewing, editing, and deciding whether to” make available to its users the offending apps, those claims are barred by the Communications Decency Act, as discussed above.
To the extent Plaintiffs assert a CDAFA claim based on Apple’s encouragement of the development of the offending features of the subject apps, those allegations are insufficiently pleaded. Each subsection of the statute Plaintiffs assert incorporates expressly or by reference a requirement that the defendant acted “without permission.” See Cal. Pen. Code § 502(b)(10) (defining “computer contaminant”). Courts in this district have interpreted “without permission” to mean “in a manner that circumvents technical or code based barriers in place to restrict or bar a user’s access.” Facebook, Inc. v. Power Ventures, Inc.,
Plaintiffs argue that their CDAFA claim is viable because they “did not know that the apps contained the malicious code at issue here.” ECF No. 421 at 42. Other courts in this district have already persuasively rejected this argument. See iPhone I,
Plaintiffs’ allegations are materially indistinguishable from the allegations in iPhone I and In re Google Android Consumer Privacy. Although Plaintiffs allege they did not grant permission to the apps to copy their address books, there is no suggestion that the apps overcame “technical or code based barriers in place to restrict or bar a user’s access.” According to the CAC, the apps in question had open access to Plaintiffs’ address books.
Plaintiffs’ CDAFA claims against Apple will be dismissed.
E. Strict Products Liability: Design Defect and Failure to Warn
The Opperman Plaintiffs assert design defect and failure to warn strict products liability claims against Apple. “ ‘A manufacturer is strictly liable in tort when an article he places on the market, knowing that it is to be used without inspection for defects, proves to have a defect that causes injury to a human being.’ ” Anderson v. Owens-Corning Fiberglas Corp.,
Importantly, “recovery under the doctrine of strict liability is limited solely to ‘physical harm to person or property.’ ” Jimenez v. Superior Court,
Plaintiffs do not explain what injury they allege that satisfies the economic
F. Negligence
Plaintiffs’ negligence claims are barred by the economic loss rule discussed in the immediately previous section. “Purely economic damages to a plaintiff which stem from disappointed expectations from a commercial transaction must be addressed through contract law; negligence is not a viable cause of action for such claims.” In re iPhone Application Litig. (“iPhone IP),
The Court will dismiss Plaintiffs’ negligence claim against all Defendants.
G. RICO
Plaintiffs state that they “elect not to prosecute [the RICO] claim at this time and have no objection to its dismissal without prejudice as to” Apple. ECF No. 421 at 50. The Court construes Plaintiffs’ statement as a Rule 41(a)(l)(A)(i) notice of voluntary dismissal, which is self-executing.
H. Aiding and Abetting
In response to Apple’s argument that aiding and abetting is not a stand-alone cause of action in California, Plaintiffs respond: “The fact that Plaintiffs’ aiding and abetting allegations are set out in a separate claim merely provides clarity to the complaint by specifying that Plaintiffs contend that Apple is liable not just for its own actions but for those of the App Defendants.” ECF No. 421 at 49. Far from providing clarity, the separate aiding and abetting count casts in doubt which claims that, facially, are asserted only against the App Defendants are also meant to apply to Apple as well. The Court cannot discern from the CAC what additional liability, other than the claims Plaintiffs explicitly assert against Apple, Plaintiffs attempt to impose on Apple by virtue of the aiding and abetting count. For this reason, the Court will dismiss the claim. Plaintiffs are advised that each claim in the complaint should clearly set forth against which Defendants it is meant to be asserted.
IV. APP DEFENDANTS’ MOTIONS TO DISMISS
Like Apple, the App Defendants move to dismiss all of Plaintiffs’ claims against them on Article III standing grounds, as well as pursuant to Rule 12(b)(6).
A. Article III Standing
The Article III standing analysis as applied to Plaintiffs’ claims against the App Defendants differs from the analysis regarding Plaintiffs’ claims against Apple. In particular, the App Defendants argue that Plaintiffs have failed to identify an injury-in-fact sufficient to establish standing.
In evaluating Path’s motion to dismiss the Hernandez complaint prior to the relation of that action to the above-captioned action, Judge Gonzalez Rogers eval
In addition, however, Plaintiffs present four new theories of injury-in-fact not present in Hernandez. First, Plaintiffs argue that their claim for injunctive relief is sufficient to confer standing. “To have standing to assert a claim for prospective injunctive relief, a plaintiff must demonstrate ‘that he is realistically threatened by a repetition of [the violation].’ ” Melendres v. Arpaio,
Second, Plaintiffs argue that the App Defendants interfered with their property rights in their address books, conferring standing on Plaintiffs to sue. “[District courts have been reluctant to find standing based solely on a theory that the value of a plaintiffs [personal information] has been diminished.” Yunker v. Pandora Media, Inc., No. 11-cv-03113JSW,
However, Plaintiffs’ two remaining theories of injury are sufficient to confer standing. First, as observed above, Plaintiffs are able to establish standing through their statutory claims, because “[t]he injury required by Article III can exist solely by virtue of ‘statutes creating legal rights, the invasion of which creates standing.’ ” Edwards v. First Am. Corp.,
Second, Plaintiffs assert a common law claim for invasion of privacy. Regardless of the merits of that claim, the Court finds Plaintiffs’ allegations sufficient on this point. The essence of the standing inquiry is to determine whether the plaintiff has “alleged such a personal stake in the outcome of the controversy as to assure that concrete adverseness which sharpens the presentation of issues upon which the court so largely depends.” Baker v. Carr,
For the foregoing reasons, the Court will dismiss Plaintiffs’ common law claims against the App Defendants, except their invasion of privacy claims, on standing grounds.
B. Plaintiffs’ UCL Claims
The Court will also dismiss Plaintiffs’ UCL claims against the App Defendants, because, in order to have standing to assert their UCL claims, Plaintiffs must show that they “lost money or property,” and, as the Court concludes above, they have failed to make such a showing. See Kwikset Corp. v.Super. Ct.,
C. Invasion of Privacy: Intrusion Upon Seclusion
The Opperman Plaintiffs assert the common law claim of intrusion upon seclusion against the App Defendants. In particular, Plaintiffs allege that “[b]y surreptitiously obtaining, improperly gaining knowledge, reviewing and retaining Plain-, tiffs’ private mobile address books (or substantial portions thereof), the App Defendants intentionally intruded on and into each respective Plaintiffs solitude, seclusion or private affairs.” CAC ¶ 630. Plaintiffs allege the intrusion was “highly offensive to a reasonable person,” as evidenced by the “myriad newspaper articles, blogs, op eds., and investigative exposes’ [that] were written complaining and objecting vehemently to these defendants’ practices.” CAC ¶ 631. Plaintiffs also allege that “[cjongressional inquiries were opened to investigate these practices and some defendants even publicly apologized. The surreptitious manner in which the App Defendants’ conducted these intrusions confirms their outrageous nature.” Id.
The Second Restatement of Torts provides: “One who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person.” Rest. (2d) of Torts § 652B (1977). California courts recognize that “ ‘a measure of personal isolation and personal control over the conditions of its abandonment is of the very essence of personal freedom and dignity, is part of what our culture means by these concepts.’ ” Shulman v. Grp. W Prods., Inc.,
An intrusion upon seclusion claim “does not depend upon any publicity given to the person whose interest is invaded or to his affairs.” Rest. .(2d) of Torts § 652B, Comment a. Nor must the intrusion be physical:
it may be performed by the use of the defendant’s senses, with or without mechanical aids, to oversee or overhear the plaintiffs private affairs, as by looking into his upstairs windows with binoculars or tapping his telephone wires. It may be by some other form of investigation or examination into his private concerns, as by opening his private and personal mail, searching his safe or his wallet, examining his private bank account, or compelling him by a forged court order to permit an inspection of his personal documents. The intrusion itself makes the defendant subject to liability, even though there is no publication or other use of any kind of the photograph or information outlined.
Id., Comment b. California has adopted the Restatement’s two-prong formulation of intrusion upon seclusion claims: “(1) intrusion into a private place, conversation or matter, (2) in a manner highly offensive to a reasonable person.” Shulman,
“The tort is proven only if the plaintiff had an objectively reasonable expectation of seclusion or solitude in the place, conversation or data source.” Id. Whether a legally protected privacy interest is at stake is a question of law; whether a plaintiff has a reasonable expectation of privacy and whether the defendant’s conduct is a serious invasion of privacy are mixed questions of law and fact. See Hill v. Nat’l Collegiate Athletic Assn.,
The Court does not read the App Defendants to be contesting that Plaintiffs have a legally protectable privacy interest in their address books, nor do the App Defendants contest that the apps intruded upon that interest. Instead, the App Defendants argue that Plaintiffs did not have a reasonable expectation of privacy in the information, and that the intrusion was not sufficiently offensive to give rise to a claim for intrusion upon seclusion.
1. Reasonable Expectation of Privacy
A claim for intrusion upon seclusion is not viable unless the plaintiff had an “objectively reasonable expectation of seclusion or solitude in the place, conversation or data source.” Shulman,
Here, there are two types of alleged intrusions at issue. Plaintiffs allege that some apps copied Plaintiffs’ address books without consent or any prompt. The Court finds that Plaintiffs’ expectation of privacy in their address books contained on their iDevices in this circumstance was reasonable. See, e.g., United States v. Zavala,
Other apps, such as Gowalla and Insta-gram, copied address books only, after they prompted the user to “find friends” who. use the same app by scanning Plaintiffs’ address books. See, e.g., CAC ¶¶ 238, 317. The menu prompts notified users that the app would scan their address books. Although the prompts required Plaintiffs to consent, Plaintiffs’ expectation of privacy in that circumstance was still reasonable. Plaintiffs allege that they would not have consented had they known that their apps would not only scan their address books to determine whether their friends were using the same app, but then upload the address books to the app develqper for other purposes. Plaintiffs allege that their consent was obtained by fraud, and that their consent was therefore invalid. See Rest. (2d) of Torts § 892B (1979) (“If the person consenting to the conduct of another is induced to consent by a substantial mistake concerning the nature of the invasion of his interests or the extent of the harm to be expected from it and the mistake is known to the other or is induced by the other’s misrepresentation, the consent is not effective for the unexpected invasion or harm.”); Sanchez-Scott v. Alza Pharm.,
Here, Plaintiffs allege that the App Defendants obtained their consent by misrepresenting their purpose. That is, they allege that the App Defendants intentionally represented that they would only “scan” Plaintiffs’ address books for purposes of the “find friends” feature without disclosing that, at the same time, the app would transmit a copy of the address book to Defendants for their own use. Taking the allegations in the CAC as true, the Court concludes that Plaintiffs’ consent was invalid. Consequently, Plaintiffs had a reasonable expectation of privacy with respect to the address books copied by each app at issue.
2. Offensiveness
The App Defendants’ primary argument in support of their motion to dismiss Plaintiffs’ intrusion upon seclusion claim is that the intrusion at issue is not “highly offensive.”
Liability for intrusion upon seclusion will not lie “unless the interference with the plaintiffs seclusion is a substantial one, of a kind that would be highly offensive to the ordinary reasonable man, as the result of conduct to which the reasonable man would strongly object.” Rest. (2d) of Torts § 652B, Comment d. “A court determining the existence of ‘offensiveness’ would consider the degree of intrusion, the context; conduct and circumstances surrounding the intrusion as well as the intruder’s motives and objectives, the setting into which he intrudes, and the expectations of those whose privacy is invaded.” Miller v. Nat’l Broad. Co.,
In evaluating a claim for invasion of California’s constitutional right to privacy, the iPhone II court held that the surreptitious tracking of personal data and geolo-cation information was not an “egregious breach of social norms.”
The decision in Folgelstrom is distinguishable.
The Court cannot conclude as a matter of law that Defendants’ copying of Plaintiffs’ address books was not “highly offensive.” That question is best left for a jury.
3. Damages
The App Defendants briefly argue that Plaintiffs have failed adequately to allege damages from the alleged intrusion upon seclusion because they have failed to allege economic injury. No such allegation is required. A plaintiff who prevails on an intrusion upon seclusion claim may recover damages for “anxiety, embarrassment, humiliation, shame, depression, feelings of powerlessness, anguish, etc.” Operating Engineers Local 3 v. Johnson,
For the foregoing reasons, the Court will deny the App Defendants’ motion to dismiss the Opperman Plaintiffs’ claim for intrusion upon seclusion.
D. Invasion of Privacy: Public Disclosure of Private Facts
The Opperman Plaintiffs also assert an invasion of privacy claim for public disclosure of private facts.
The elements of a claim for public disclosure of private facts are: “(1)
The Restatement makes clear that Plaintiffs must allege disclosure to the public “at large”:
“Publicity,” as it is used in this Section, differs from “publication,” as that term is used in § 577 in connection with liability for defamation. “Publication,” in that sense, is a word of art, which includes any communication by the defendant to a third person. “Publicity,” on the other hand, means that the matter is made public, by communicating it to the public at large, or to so many persons that the matter must be regarded as substantially certain to become one of public knowledge. The difference is not one of the means of communication, which may be oral, written or by any other means. It is one of a communication that reaches, or is sure to reach, the public.
Thus it is not an invasion of the right of privacy, within the rule stated in this Section, to communicate a fact concerning the plaintiffs private life to a single person or even to a small group of persons. On the other hand, any publication in a newspaper or a magazine, even of small circulation, or in a handbill distributed to a large number of persons, or any broadcast over the radio, or statement made in an address to a large audience, is sufficient to give publicity within the meaning of the term as it is used in this Section. The distinction, in other words, is one between private and public communication.
Rest. (2d) of Torts § 652D, Comment a (1977).
Plaintiffs argue that they satisfy this standard because their address books were transmitted in an unencrypted manner, or over public WiFi, “making it publicly available to third parties as well as service providers.” ECF No. 422 at 27. That argument fails to meet the disclosure requirement for this claim. While Plaintiffs allege that their information could have been intercepted by third parties, they do not allege that any interception occurred, nor do they allege that it was “substantially certain” that their address books would become “public knowledge.” To satisfy the requirement, more specific allegations establishing the extent of the disclosure are required.
For this reason, the Court will dismiss the Opperman Plaintiffs’ public disclosure claim.
E. CDAFA and Computer Fraud and Abuse Act
The Court’s analysis supra, Part III.D, concerning the California Comprehensive Computer Data Access and Fraud Act (“CDAFA”), Cal.Penal Code § 502, applies equally to Plaintiffs’ claims against the App Defendants. For the challenged conduct to qualify as “without permission” under the CDAFA, the conduct must involve circumventing “restrictions on access” of some kind. The CAC does not allege that the subject apps circumvented any restrictions.
Plaintiffs also assert a claim for violation of the federal Computer Fraud and Abuse Act (“CFAA”),' 18 U.S.C. §§ 1030(a)(2)(C), (a)(5), & (g), against the App Defendants. Plaintiffs concede that, like the CDAFA, the CFAA applies only to a defendant’s access to a computer “without authorization,” and that this limitation must be interpreted similarly to the “with
Plaintiffs do not advance any new arguments concerning the “without authorization” limitation in the CFAA, relying instead on their arguments concerning the CDAFA. Consequently, the Court will dismiss both claims.
F. Electronic Communications Privacy Act
The Federal Wiretap Act, or Electronic Communications Privacy Act (“ECPA”), 18 U.S.C. § 2510, prohibits “interception” of “wire, oral, or electronic communications.” Id. § 2511(1). The Act provides a private right of action against any person who “intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication,” id. § 2511(l)(a), or who “intentionally uses, or endeavors to use, the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of [the Wiretap Act],” id. § 2511(l)(d). “Intercept” is defined as “the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.” Id. § 2510.
All Plaintiffs except Pirozzi assert an ECPA claim against the App Defendants. Judge Gonzalez Rogers previously dismissed the ECPA claim in Hernandez for the same reason the App Defendants seeks dismissal here: “The FAC fails to allege that Defendant intercepted any communication contemporaneously with its transmission. Although Path allegedly transmitted the Class Members’ Contact Address Books from the Class Members’ mobile devices to Path’s servers, Path did not ‘intercept’ a ‘communication’ to do so.” Hernandez,
Plaintiffs simultaneously “preserv[e] their disagreement with this court-generated rule in the event it is later overturned,” ECF No. 422 at 24, and also advance the tortured argument that the contemporaneous interception requirement is met here because the apps in question caused Plaintiffs’ iDeviees to “send information from the user’s Contacts from the iDevice’s storage memory to processors and active memory being used by the app” and then “simultaneously intercept[ed] that transmission.” Id. The decisions in Konop and Theofel are dispositive. In those cases, the “transmission” Plaintiffs describe here as being “intercepted” — the use of data by different memory compo.nents of the same device — was insufficient to give rise to an ECPA claim. The Court will dismiss Plaintiffs’ ECPA claim.
G. Texas and California Wiretap Statutes
Plaintiffs’ claims under the California Invasion of Privacy Act, Cal. Pen.Code
H. Texas Theft Liability Act
The Texas Plaintiffs assert a claim for violation of Texas Penal Code section 31.03(a), which provides that a person commits theft: “if he unlawfully appropriates property with intent to deprive the owner of property.” “Deprive” means “(A) to withhold property from the owner permanently or for so extended a period of time that a major portion of the value or enjoyment of the property is lost to the owner; (B) to restore property only upon payment of reward or other compensation; or (C) to dispose of property in a manner that makes recovery of the property by the owner unlikely.” Tex. Pen.Code § 31.01(2)(A)-(C).
Plaintiffs cannot satisfy the definition of “deprive” for purposes of their Texas Theft Liability Act claim. Even if Plaintiffs have a property right in their address books, there is no allegation that the App Defendants withheld the address books from Plaintiffs “permanently or for so extended a period,of time that a major portion of the value or enjoyment of the property” was lost. Nor do Plaintiffs allege that the App Defendants offered to restore the address books for payment, because no restoration is possible; the address books were copied. For the same reason, Plaintiffs have not alleged that the App Defendants disposed of the property. Consequently, the Court will dismiss the Texas Plaintiffs’ Texas Theft Liability Act claim.
I. RICO and Vicarious Liability
Plaintiffs “elect not to prosecute [their RICO and vicarious liability] claims at this time and have no objection to their dismissal without prejudice as to” the App Defendants. As discussed above with respect to Plaintiffs’ RICO claim against Apple, the Court construes Plaintiffs’ statement as a Rule 41(a)(1)(A)® notice of voluntary dismissal, which is self-executing.
V. FACEBOOK AND GOWALLA’S MOTION TO DISMISS
App Defendants Facebook and Gowalla move to dismiss Plaintiffs’ claims against them for violation of the Uniform Fraudulent Transfer Act (“UFTA”), Cal. Civ.Code § 3439, et seq., for-common law aiding and abetting, and for successor liability (as against Facebook only).
Plaintiffs allege that “[i]n late 2011, Fa-cebook conducted due diligence on Gowalla for a contemplated business transaction with Gowalla and/or Gowalla’s owners. The contemplated transaction involved transfer of all or substantially all of Gowal-la’s assets, technology, know-how or equity to Facebook.” CAC ¶ 414. According to the CAC, Facebook discovered that Gowal-la’s app had been copying users’ address books without consent and decided as a result to structure the transaction differently. The resulting transaction transferred to Facebook Gowalla’s key personnel, “technology” and “know-how.” CAC ¶ 416. “Facebook did not pay Gowalla reasonably fair value for the Gowalla assets, technology, know-how or personnel. Face-book instead paid Gowalla’s shareholders and management for the company’s assets.
The transaction was memorialized in a Release and Waiver Agreement submitted to the Court under seal by Facebook and Gowalla.
A. Uniform Fraudulent Transfer Act
“The [California] UFTA permits defrauded creditors to reach property in the hands of a transferee.” Fid. Nat. Title Ins. Co. v. Schroeder,
Under the California UFTA,
Here, Plaintiffs’ allegations do not establish that any transfer of assets occurred within the meaning of the UFTA. Plaintiffs only describe generally what assets they assert were transferred: personnel, “technology,” and “know-how.” Plaintiffs fail to address the requirement that the transfer at issue put beyond Plaintiffs’ reach property they otherwise would be able to subject to the payment of debt. There is no suggestion, for example, that Plaintiffs could not subject Gowalla’s intellectual property, which Gowalla retained, to the payment of a future debt, or that the license Gowalla conveyed to Facebook somehow impaired its ability to satisfy creditor claims. Certainly Gowalla’s employees are not “assets” for purposes of the UFTA. The parties have cited only one case to the Court on this point, Fink v. Advanced Logic Sys., Inc., A-5939-05T1,
Because Plaintiffs have failed to allege a transfer of assets within the meaning of the UFTA, their UFTA claim will be dismissed.
B. Successor Liability
Each claim asserted against Gowalla in this case is also asserted against Facebook by virtue of successor liability. Under California law, a corporation that purchases the assets of another does not assume the liabilities of the selling corporation unless: “(1) there is an express or implied agreement of assumption, (2) the transaction amounts to a consolidation or merger of the two corporations, (3) the purchasing corporation is a mere continuation of the seller, or (4) the transfer of assets to the purchaser is for the fraudulent purpose of escaping liability for the seller’s debts.” Ray v. Alad Corp.,
There is no successor liability where no acquisition or fraudulent transfer has occurred. See, e.g., Gee v. Tenneco, Inc.,
Facebook argues, and Plaintiffs do not contest, that Texas law applies to Plaintiffs’ claims against it. ECF No. 394 at 6 n.6; ECF No. 434 at 2. Texas does not recognize a claim for “aiding and abetting” as alleged in the CAC.
In Juhl v. Airington,
Plaintiffs’ aiding and abetting claim will be dismissed.
VI. CONCLUSION
For the foregoing reasons, the Court hereby DISMISSES all of Plaintiffs’ claims against all Defendants with leave to amend, with the exception of the Opper-man Plaintiffs’ claim for common law intrusion upon seclusion against the App Defendants. Plaintiffs have leave to file an amended complaint within thirty days from the date of this Order.
IT IS SO ORDERED.
Notes
. The sixteenth Plaintiff, Haig Arabian, has voluntarily dismissed his claims. ECF No. 426. The remaining Plaintiffs are Alan Beuershasen, Giuli Biondi, Lauren Carter, Steve Dean, Stephanie Dennis-Cooley, Jason Green, Claire Hodgins, Gentry Hoffman, Rachelle King, Nirali Mandaywala, Claire Moses, Judy Paul, Maria Pirozzi, Theda Sandiford and Greg Varner.
. The App Defendants are: Chillingo Ltd. (Angry Birds and Cut the Rope), Electronic Arts, Inc., Facebook, Inc., Foodspotting/ Inc., Foursquare Labs, Iric., Gowalla, Inc., Hipster, Inc., Instagram, Inc., Kile Interactive, Inc., Path, Inc., Rovio Entertainment, Ltd. (Angry Birds Classic), Twitter, Inc., Yelp!, Inc., and ZeptoLab UK Ltd. (Cut the Rope).
. Plaintiffs, Apple, and the App Defendants discuss California and Texas common law interchangeably without explanation, often pointing out that both states' common law is identical with respect to the issues presented by Defendants’ motions to dismiss. The Court has not identified any differences between Texas and California common law on the issues addressed in this Order, and therefore, for the sake of convenience, discusses only California law.
. "CAD” Plaintiffs are those who downloaded apps from Foodspotting, Instagram, Path, Twitter, and Yelp.
. The Texas Plaintiffs are Beuershasen, Bion-di, Dean, Hodgins, Hoffman, King, and Var-ner.
. Pirozzi’s action was related to the above-captioned action, and her claims are now grouped in the CAC with the claims of the other fourteen Plaintiffs.
. Apple’s reliance on In re iPhone Application Litig. ("iPhone III"),
. There is further support in the CAC for Plaintiffs,’ standing. Plaintiffs allege that Apple contributed to the theft of address books through its review of App Store submissions, its App Store review guidelines, its software development kit, other sources of guidance Apple makes available to app developers, and through its failure to catch the offending features contained in the apps implicated in this suit. Plaintiffs also assert product liability claims against Apple for its design of ¡Devices, and for its failure to warn consumers of
. In fact, the CAC alleges that apps designed by each App Defendant were downloaded by at least one Plaintiff, and that each of those apps has been shown to upload users’ address books without consent after a known set of steps is taken by the user. That Plaintiffs do not allege that their information was, in fact, uploaded is not surprising, since only discovery will reveal whether and how the allegedly widespread practice affected each Plaintiff. But Plaintiffs plausibly allege that they “unwittingly took those steps ... needed to unwittingly trigger the unnoticeable transmission of their mobile address books.” CAC ¶ 139.
. The Ninth Circuit had certified the question for the California Supreme Court to answer.
. Plaintiffs argue that the CDA protects only an interactive computer service’s decision to exclude offensive content.
. It is worth noting that not all of Plaintiffs’ allegations concerning Apple’s conduct fall outside the CDA. For example, Plaintiffs’ assertion that Apple “provides third-party developers with review guidelines, and conducts a review of all applications submitted for inclusion in the App Store for compliance with these documents,” CAC ¶ 89, is identical to an allegation regarding the app distributor in Evans, which that court found insufficient to support the plaintiff’s claim that the distributor was also a co-creator. See Evans,
. Rule 9(b) does not apply to Plaintiffs' UCL claims for “unlawful” business practices to the extent these claims are grounded on something other than fraud.
. Whether a party has Article III standing to bring a cause of action in federal court is a different analysis than whether the plaintiff has adequately established statutory standing under California’s UCL, CLRA, or FAL. Two Jinn, Inc. v. Gov’t Payment Serv., Inc., No. 09-CV-2701-JLS,
. The Court rejects Apple’s argument that this statement is not actionable because it is literally true. The CAC alleges that, although it comes pre-loaded on ¡Devices, the Contacts app is an app like any other.
. Children's Television was decided before Tobacco II, but is included here because it employs a similar analysis. The court there found that in light of defendants' "large scale program of deceptive advertising in which the specific advertisements change constantly,” it
. This does not mean that the representations must be identical. In both Children’s Television and Tobacco II, the advertisements at issue were "similar by category.”
. Once the warranty expires, a manufacturer does not have an affirmative duty to disclose a latent defect unless it poses an “unreasonable safety hazard.” See Donohue,
. The Court recognizes there is a split of authority in this district concerning the appropriate scope of the "without permission” language in the CDAFA. Weingand v. Harland Fin. Solutions, Inc., No. 11-cv-3109-EMC,
. The App Defendants also repeat some of the arguments Apple makes, for example that those Plaintiffs who are not from California cannot sue under California law. See ECF No. 393 at 7. Where the Court has already addressed an identical argument in the section on Apple’s motion to dismiss, it does not do so again here.
. Judge Gonzalez Rogers also evaluated two other types of alleged injury that Plaintiffs no longer allege and that are not germane to this Order.
. The Court does not read these decisions to be holding that consumers do not have property rights in their electronically stored private information, but that the copying of such information without any meaningful economic injury to consumers is insufficient to establish standing on that basis. Cf. FMC Corp. v. Capital Cities/ABC, Inc.,
. The App Defendants also argue that Folgel-strom limited intrusion upon seclusion claims to conduct that involves a highly offensive use of the private information. See Folgelstrom,
That passage from Folgelstrom is dicta, and the Court has been unable to locate any other decision that has applied the limitation; it was not relied upon, for example, in iPhone II. Moreover, unlike the Folgelstrom court, this Court has been able to locate cases which impose liability without an allegation of highly offensive use. For example, in Sanchez-Scott v. Alza Pharm.,
The Restatement also expressly disavows any such limitation. See Rest. (2d) of Torts § 652B, Comment b ("The intrusion itself makes the defendant subject to liability, even though there is no publication or other use of any kind of the photograph or information outlined.”) (emphasis added).
. Because the CAC depends on the transaction at issue, the Court hereby takes judicial notice of the Agreement. See Swartz v. KPMG, LLP,
. Facebook and Gowalla argue that Plaintiffs do not have standing to assert a California UFTA claim against them because they are not residents of California. The Court has already rejected that argument with respect to Apple's motion to dismiss. Plaintiffs have standing to assert a California UFTA claim against Facebook and Gowalla, which are headquartered in California, for conduct that occurred in California.
As for the choice-of-law analysis, the parties agree that the California and Texas UFTA statutes do not conflict. Consequently, the Court will analyze California’s UFTA.
. In briefing and at oral argument, Plaintiffs point to a Facebook securities filing and make other arguments based on facts not contained in the CAC. The Court declines to consider these arguments.
. Section 876 of the Restatement provides:
For harm resulting to a third person from the tortious conduct of another, one is subject to liability if he
(a) does a tortious act in concert with the other or pursuant to a common design with him, or
(b) knows that the other's conduct constitutes a breach of duty and gives substantial assistance or encouragement to the other so to conduct himself, or
(c)gives substantial assistance to the other in accomplishing a tortious result and his own conduct, separately considered, constitutes a breach of duty to the third person.
Rest. (2d) of Torts, § 876 (1977).
. Plaintiffs argue that because there is no case expressly prohibiting such a claim, Face-book’s motion to dismiss should be denied. This California federal court will decline Plaintiffs’ invitation to create new causes of action under the state law of Texas.