Cousineau v. Microsoft Corp.

• Decision Date: 22 June 2012
• Docket Number: Case No. C11–1438–JCC.
• Parties: Rebecca COUSINEAU, on her own behalf and on behalf of all others similarly situated, Plaintiff, v. MICROSOFT CORPORATION, Defendant.
• Court: U.S. District Court — Western District of Washington

992 F.Supp.2d 1116

Rebecca COUSINEAU, on her own behalf and on behalf of all others similarly situated, Plaintiff,

v.MICROSOFT CORPORATION, Defendant.

Case No. C11–1438–JCC.

United States District Court,

W.D. Washington,

at Seattle.

June 22, 2012.

Benjamin H. Richman, Benjamin Scott Thomassen, Chandler R. Givens, J. Dominick Larry, Ari J. Scharg, Jay Edelson, Rafey S. Balabanian, Edelson LLC, Chicago, IL, Janissa Ann Strabuk, Kim D. Stephens, Tousley Brain Stephens, Seattle, WA, for Plaintiff.

Fred B. Burnside, Randal Lee Gainer, Stephen M. Rummage, Zana Bugaighis, Davis Wright Tremaine, Seattle, WA, for Defendant.

ORDER REGARDING DEFENDANT'S MOTION TO DISMISS

JOHN C. COUGHENOUR, District Judge.

This matter comes before the Court on Defendant's motion to dismiss (Dkt. No. 22), Plaintiff's response (Dkt. No. 25), and Defendant's reply (Dkt. No. 27). Having thoroughly considered the parties' briefing and the relevant record, the Court finds oral argument unnecessary and hereby DENIES in part and GRANTS in part the motion for the reasons explained herein.

I. BACKGROUND

This case involves an alleged invasion of privacy resulting in the transmission of sensitive information on the location and movement of smart phone users. Rebecca Cousineau brought this class action suit against Microsoft Corporation seeking to represent “[a]ll persons in the United States that, prior to August 31, 2011, denied their Windows Phone 7 camera application access to their location information, and unwittingly had their geolocation data transmitted to Microsoft's servers.” (Am. Compl. ¶ 34 (Dkt. No. 19 at 8).) Microsoft moved to dismiss the Complaint pursuant to Rule 12(b)(1), lack of subject matter jurisdiction, and Rule 12(b)(6), failure to state a claim upon which relief can be granted.

The following facts are undisputed except as otherwise indicated. Cousineau owns a smart phone operating Microsoft Windows Phone OS 7 software (OS 7). OS 7 supports “geolocation services”—a system that approximates users' location and enables users to locate friends and businesses, tag a photograph with location data, or find a missing phone. To operate geolocation services, OS 7 collects and stores six different types of information: a unique phone identifier,¹ a unique application identifier, the current date and time, the approximate latitude and longitude of the phone, the locations of the nearest cellular towers, and unique wireless router MAC addresses. (Research Doc. 2–6 (Dkt. No. 19, ex. A); (Microsoft Let'r (Dkt. No. 1, ex. A at 3–5)).) When users enable geolocation services, the phone transmits geolocation information to Microsoft's servers and to the application requesting the information. (Dkt. No. 1, ex. A at 5.) Microsoft stores users' geolocation information on servers containing its master database, the contents of which, according to Cousineau, were published online by Microsoft. (Dkt. No. 19 at 5 ¶¶ 18–19.) OS 7 also stores geolocation information on the phones themselves to help users find a lost phone, request location information, and improve Microsoft's database where GPS, WiFi access point, and cell tower data is lacking. (Dkt. 1, ex. A at 7–8.)

At issue in this case is Microsoft's design of the on-off switch controlling geolocation services on smart phones' camera application. The camera prompts users to choose whether to allow access to their geolocation information with the following message:

[a]llow the camera to use your location? Sharing this information will add a location tag to your pictures so you can see where your pictures were taken. This information also helps provide you with improved location services. We won't use the information to identify or contact you.

(Dkt. 19 at 3 ¶ 4.) Cousineau claims that even when she denied access by clicking “cancel,” her geolocation information was still transmitted to Microsoft. She supports her claim by presenting individual HTTPS packets transmitted from the phone to Microsoft, which appear to reveal that Microsoft received the location data after she denied access (as well as before the privacy prompt appeared). (Dkt. No. 19, ex. A at 3.) Microsoft counters that in order to disable location services properly, users needed to disable it in two places—on the phone's main settings menu, and when prompted by the individual application (here, the camera application).

In April 2011, the House Committee on Energy and Commerce inquired into Microsoft's collection of users' location data and its ability to track users. In its response on May 9, 2011, Microsoft emphasized its respect for users' privacy preferences, stating “[c]ollection is always with the express consent of the user.” (Dkt. No. 1, ex. A at 2, 6, 10.) Microsoft asserted on the one hand that, “information we collect and store helps us determine where those landmarks are, not where device users are located,” and in the very next sentence that “we've recently taken specific steps to eliminate the use and storage of unique device identifiers by our location service.... Without a unique identifier ... we cannot track an individual device.” ( Id. at 3.) Later in the letter, Microsoft further explained that “[w]hile collecting device identifiers can help assemble and refine a database of available WiFi access points and cell towers more quickly and effectively than without them, these identifiers have diminishing value over time,” and that it discontinued the collection of device identifiers in the subsequent version of the software. ( Id. at 6.) After the filing of this Complaint and the submission of Microsoft's letter to Congress, Microsoft acknowledged in an online press release that it had discovered “unintended behavior” of the sort Cousineau now complains. (Dkt. No. 19 at 3 ¶ 7 FN 1 (citing Microsoft, Location and My Privacy FAQ, Windows Phone Privacy, http:// www. microsoft. com/ windowsphone/ en- US/ howto/ wp 7/ web/ location- and- my- privacy. aspx (last updated Dec. 2011)).) Even when users had disabled location services on their phones' camera, the phone continued to transmit their location information. Id.

Cousineau alleges that Microsoft deceived users by purposefully designing a defect in OS 7's privacy control on the camera application, while maintaining publicly that it respected their privacy. She states: “Microsoft made very specific representations to U.S. Congress members about the very functionality of its Windows Phone OS 7 that the [Microsoft] now claims is flawed.” ( Id. at 7 ¶ 29.) Furthermore, “[t]he idea that, during the programming process, these software engineers simply ‘overlooked’ the fact that their own code was designed to ignore users' refusal to consent to be tracked is untenable” because “Microsoft is one of the largest and most renowned software developers in the world, with a highly sophisticated staff of engineers.” ( Id. at ¶ 28.) Cousineau doubts the truthfulness of Microsoft's statements to Congress because she believes that Microsoft would have investigated the problem thoroughly before representing the company's absolute respect for users' privacy. ( Id. at ¶ 29.) In addition, Cousineau submits HTTPS packets that purport to show that Microsoft continued to collect unique device identifiers as late as August 27, 2011, even though it represented to Congress that it had “recently discontinued its storage and use of device identifiers.” (Dkt. No. 1, ex. A at 6.)

Finally, Cousineau alleges that Microsoft used the unauthorized data it collected to improve geolocation services and to facilitate the development of targeted advertisements to smart phone users based on their location. (Dkt. No. 19 at 4–5 ¶ 14–15.) She claims that Microsoft's conduct is motivated by the projected 2.5 billion dollar mobile advertisement industry. ( Id. at 4 ¶¶ 13–14.)

II. DISCUSSION

Cousineau claims that Microsoft's conduct violated the following four statutes: the Stored Communications Act, 18 U.S.C. §§ 2701 et seq., the Wiretap Act, 18 U.S.C. §§ 2510 et seq., the Washington Privacy Act, Wash. Rev.CodeE § 9.73 et seq., the Washington Consumer Protection Act, Wash. Rev.CodeE § 19.86 et seq. In addition, she alleges that Microsoft was unjustly enriched at her expense. Microsoft now moves to dismiss.

The Court first considers Microsoft's motion to dismiss the Complaint for lack of subject matter jurisdiction on standing grounds, and second, its motion to dismiss for failure to state a claim upon which relief may be granted. Fed.R.Civ.P. 12(b)(1), (12)(b)(6).

A. Whether Cousineau has Standing to Bring Her Claims

Cousineau has standing to bring this action if she has asserted (1) an injury in fact that is concrete and particularized, (2) a causal connection between the injury and the conduct complained of, and (3) that the injury is redressable by a favorable decision. See Lujan v. Defenders of Wildlife, 504 U.S. 555, 560, 112 S.Ct. 2130, 119 L.Ed.2d 351 (1992). Solely at issue here is Microsoft's contention that its mere receipt of Cousineau's location information did not injure her sufficiently to confer standing. (Dkt. No. 22 at 9, 15.)

The Court focuses its review on Cousineau's standing to bring claims under the Stored Communications Act (“SCA”). At this point, the Court need not reach her standing to bring claims under the Wiretap Act, Washington Consumer Protection Act, Washington Privacy Act or unjust enrichment doctrine because, as discussed later on, she has not stated a claim entitling her to relief with respect to those causes of action.

1. Cousineau's Standing to Bring a Claim Under the Stored Communications Act

The primary intent of the Stored Communications Act is to protect the privacy of individuals' personal information by prohibiting the government and private parties from accessing that information. See18 U.S.C. §§ 2701(a)(1), (a)(2). More specifically, the Ninth Circuit has explained that the SCA:

reflects Congress's judgment that users have a legitimate interest in the...