Opperman v. Path, Inc.

• Decision Date: 14 May 2014
• Docket Number: Case No. 13–cv–00453–JST
• Citation: 87 F.Supp.3d 1018
• Court: U.S. District Court — Northern District of California
• Parties: Marc Opperman, et al., Plaintiffs, v. Path, Inc., et al., Defendants.

87 F.Supp.3d 1018

Marc Opperman, et al., Plaintiffs

v.Path, Inc., et al., Defendants.

Case No. 13–cv–00453–JST

United States District Court, N.D. California.

Signed May 14, 2014

Carl F. Schwenker, Brobeck Phleger & Harrison, Palo Alto, CA, Dirk M. Jordan, Jeffrey Scott Edwards, Edwards Law, Austin, TX, for Plaintiffs.

Gregory J. Casas, Houston, TX, Jedediah Wakefield, Tyler G. Newby, Tyler Griffin Newby, Fenwick & West LLP, Michael G. Rhodes, Cooley LLP, Michael Henry Page, Durie Tangri LLP San Francisco, CA, Ryan T. Mrazik, Perkins Coie LLP, Amanda J. Beane, Seattle, WA, Tanya Deniese Henderson, Perkins Coie LLP, Scott Howard Mellon, Gibson Dunn and Crutcher LLP, William B. Dawson, Gibson, Dunn & Crutcher LLC, Dallas, TX, Timothy L. Alger, Perkins Coie LLP, S. Ashlie Beringer, Gibson Dunn & Crutcher LLP, Lori R. Mason, Cooley LLP, Palo Alto, CA, Alan D. Albright, Gray Cary Ware & Freidenrich LLP, Peter D. Kennedy, George & Donaldson, L.L.P., Yusuf Ahmad Bajwa, King & Spalding LLP, Shannon W. Bangle, Beatty, Bangle, Strama P.C., Lawrence A. Waks, Jackson Walker, L.L.P., Adam Hugh Sencenbaugh, Hal L. Sanders, Jr., Haynes and Boone, LLP, Austin, TX, Mazda K. Antia, Cooley Godward Kronish, San Diego, CA, David Frank McDowell, Morrison & Foerster LLP, Shelley Gershon Hurwitz, Holland & Knight LLP, Valentine Antonavich Shalamitski, Mitchell Silberberg Knupp LLP, Los Angeles, CA, Keith Mason Henneke, Bracewell & Giuliani LLP, Jacob Alan Sommer, Marc J. Zwillinger, Zwillinger Genetski LLP, Washington, DC, Judith R. Nemsick, Christopher G. Kelly, Holland & Knight LLP, Christine Lepera, Sonnenschein Nath & Rosenthal LLP, Jeffrey M. Movit, Mitchell Silberberg & Knupp LLP, New York, NY, for Defendants.

ORDER GRANTING IN PART AND DENYING IN PART DEFENDANTS' MOTIONS TO DISMISS

Re: ECF Nos. 393, 394, 395, 396

JON S. TIGAR, United States District Judge

THIS DOCUMENT RELATES TO ALL CASES

I. Background...––––

A. The App Store...––––

B. The Subject Apps...––––

C. Apple's Representations...––––

II. Legal Standards...––––

III. Apple's Motion to Dismiss...––––

A. Article III Standing...––––

B. Communications Decency Act...––––

C. Misrepresentation Claims...––––

D. California Comprehensive Computer Data Access and Fraud Act...––––

E. Strict Products Liability: Design Defect and Failure to Warn...––––

F. Negligence...––––

G. RICO...––––

H. Aiding and Abetting...––––

IV. App Defendants' Motions to Dismiss...––––

A. Article III Standing...––––

B. Plaintiffs' UCL Claims...––––

C. Invasion of Privacy: Intrusion Upon Seclusion...––––

D. Invasion of Privacy: Public Disclosure of Private Facts...––––

E. CDAFA and Computer Fraud and Abuse Act...––––

F. Electronic Communications Privacy Act...––––

G. Texas and California Wiretap Statutes...––––

H. Texas Theft Liability Act...––––

I. RICO and Vicarious Liability...––––

V. Facebook and Gowalla's Motion to Dismiss...––––

A. Uniform Fraudulent Transfer Act...––––

B. Successor Liability...––––

C. Aiding and Abetting...––––

VI. Conclusion...––––

Before the Court are four motions to dismiss filed by Defendants in this action. The operative Consolidated Amended Class Action Complaint (“CAC”), ECF No. 362, collects the claims of fifteen plaintiffs¹ in four related actions against a total of fifteen Defendants. Defendant Apple Inc. designs and manufactures the iPhone, the iPod touch, and the iPad, (“iDevices”), each of which is a mobile device that can wirelessly access the Internet. Since 2008, those devices have included an App Store, which enables users to download software, or apps, to their devices created by third parties. Each Defendant except for Apple is an app developer² (collectively, “App Defendants”). Plaintiffs allege that the App Defendants' apps have been surreptitiously stealing and disseminating the contact information stored by customers on Apple devices. CAC ¶ 7.

I. BACKGROUND

Plaintiffs bring this action on their own behalf, on behalf of an “iDevice Class,” composed of all purchasers of Apple's iDevices between July 10, 2008 and the present who downloaded the App Defendants' apps, and on behalf of three subclasses: the “Malware Subclass,” the “Address Book Subclass,” and the “Texas Subclass.” CAC ¶ 48. The Malware Subclass comprises those who downloaded the subject apps. The Address Book Subclass comprises those in the Malware Subclass whose iDevice, without requesting prior approval, “transmitted, disclosed, and/or disseminated the iDevice's mobile address book (or substantial portions thereof) over the Internet and/or to third-parties” due to the subject apps.

The CAC asserts several overlapping claims against different Defendants on behalf of different Plaintiffs. In total, the CAC asserts the following statutory claims: violation of California's Unfair Competition Law (“UCL”), Cal. Bus. & Prof.s Code § 17200, et seq. ; violation of California's False and Misleading Advertising Law (“FAL”), Cal. Bus. & Prof.s Code § 17500, et seq. ; violation of California's Consumer Legal Remedies Act (“CLRA”), Cal. Civ.Code § 1750, et seq. ; violation of the California Comprehensive Computer Data Access and Fraud Act (“CDAFA”), Cal. Pen.Code § 502 ; violation of California's Wiretap / Invasion of Privacy Act, Cal. Pen.Code § 630, et seq. ; violation of the Uniform Fraudulent Transfer Act, Cal. Civ.Code § 3439 ; violation of the Texas Wiretap Acts, Tex.Code Crim. P. art. 18.20, § 1(3) and Tex. Pen.Code § 16.02(a) ; violation of the Texas Theft Liability Act, Tex. Pen.Code § 31.03 ; violation of the federal Computer Fraud & Abuse Act, 18 U.S.C. § 1030 ; violation of the Electronic Communications Privacy Act (“ECPA”), 18 U.S.C. § 2510 ; and violation of Racketeer Influenced and Corrupt Organizations Act (“RICO”), 18 U.S.C. § 1961 –1964. In addition, Plaintiffs assert common law claims for negligent misrepresentation, invasion of privacy (intrusion upon seclusion and public disclosure of private facts), conversion, trespass to personal property and/or chattel, misappropriation, strict product liability (design defect and failure to warn), negligence, and secondary and vicarious liability.³

The following chart shows which claims each Plaintiff asserts against each Defendant:

[Editor's Note: The preceding image contains the reference for footnote^{4 , 5} ].

The following summary of Plaintiffs' allegations is taken from the complaint. As it must, the Court accepts the CAC's allegations as true for purposes of this motion.

A. The App Store

Apple launched the App Store in 2008, and heavily promoted it in conjunction with its iDevices. CAC ¶ 57. The promotion was successful: the App Store today has over 700,000 apps for iPhone and iPod touch, and 275,000 apps for the iPad. Since 2008, customers have downloaded over forty billion apps. Id.

Apple maintains “exclusive domain” and “ultimate control” over the App Store's offerings. iDevices are designed only to accept apps from the App Store, and Apple decides which apps will be offered, and which will not. CAC ¶ 60. iDevices also come with pre-programmed apps built into the device's operating system. Among those apps is Apple's “Contacts” app—a virtual address book. The App Store is another one. CAC ¶ 61. Neither of these built-in apps can be removed by the user.

“Apple claims to review each application before offering it to its users, purports to have implemented apps privacy standards, and claims to have created a strong privacy protection for its customers.” CAC ¶ 62. However, some apps offered on the App Store are alleged to have accessed and uploaded information from customers' iDevices without their knowledge, including contact information. Plaintiffs allege that Apple has failed to safeguard the App Store from such apps, while representing to the public that Apple's products are “safe and secure.” CAC ¶ 64.

Apple is “notorious for complete control over its products.” CAC ¶ 87. App developers must submit their apps to Apple for review, and Apple decides whether to offer them on the App Store. To be eligible for inclusion, third-party app developers must register with Apple and agree to the iOS Developer Agreement (“IDA”) and the Program License Agreement (“PLA”), as well as pay a yearly registration fee. CAC ¶ 87–89. Apple reserves the right to reject apps for any reason, and has explicitly reserved the right to reject apps that breach the licensing agreements, provide Apple with inaccurate documents or information, or violate, misappropriate, or infringe the rights of a third party. CAC ¶ 90. After joining the program, app developers use Apple's software development kit (“SDK”), which provides guidelines and tools for app development. CAC ¶ 91.

The App Store Review Guidelines prohibit the transmission of user data without prior permission. CAC ¶¶ 101, 104. However, Plaintiffs allege that Apple's “iOS Human Interface Guidelines” encourage data theft. The guidelines are meant to guide developers as they create apps for the App Store. Apple tells developers, “don't force people to give you information you can easily find for yourself, such as their contacts or calendar information,” and “[i]f possible, avoid requiring users to indicate their agreement to your [end user license agreement] when they first start your application. Without an agreement displayed, users can enjoy your application without delay.” CAC ¶ 212 (emphasis omitted).

Plaintiffs allege that “Apple taught Program registrants' to incorporate forbidden data harvesting functionalities—even for private “contacts”—into their Apps and encouraged Program registrants to design those functions to operate in non-discernible manners that would not be noticed by the iDevice owner. These App Defendants, apparently in accord with Apple's instructions, did just that with their identified Apps.” CAC ¶ 214.

Similarly, Plaintiffs allege: “Apple's Program tutorials and developer sites [ ] teach Program registrants how to code and build apps that non-consensually access, manipulate, alter, use and upload the mobile address books maintained on Apple...