Sloan v. Anker Innovations Ltd.

• Jurisdiction: United States,Federal,Illinois,New York,Florida,California
• Parties: TREVOR SLOAN, JOSEPH BLEIBERG, ARYEH LOUIS ROTHBERGER, PATRICK COMMERFORD, KEVIN FARR, ELMER ORPILLA, KEITH LAPATING, and SAGAR DESAI, on behalf of themselves and all others similarly situated, Plaintiffs, v. ANKER INNOVATIONS LIMITED, FANTASIA TRADING LLC, and POWER MOBILE LIFE LLC, Defendants.
• Decision Date: 09 January 2024
• Court: U.S. District Court — Northern District of Illinois
• Docket Number: 22 C 7174

1

TREVOR SLOAN, JOSEPH BLEIBERG, ARYEH LOUIS ROTHBERGER, PATRICK COMMERFORD, KEVIN FARR, ELMER ORPILLA, KEITH LAPATING, and SAGAR DESAI, on behalf of themselves and all others similarly situated, Plaintiffs, v. ANKER INNOVATIONS LIMITED, FANTASIA TRADING LLC, and POWER MOBILE LIFE LLC, Defendants.

No. 22 C 7174

United States District Court, N.D. Illinois, Eastern Division

January 9, 2024

ORDER

SARA L. ELLIS UNITED STATES DISTRICT JUDGE

OPINION AND ORDER

Plaintiffs Trevor Sloan, Joseph Bleiberg, Aryeh Louis Rothberger Patrick Commerford, Kevin Farr, Sagar Desai, Elmer Orpilla and Keith Lapating allege Defendants Anker Innovations Limited, Fantasia Trading LLC, and Power Mobile Life LLC violated various privacy laws relating to their practices in storing data connected to their “eufy” branded security products.^[1]Specifically, Plaintiffs seek redress under the Federal Wiretap Act, 8 U.S.C. § 2510; the Biometric Information Privacy Act (“BIPA”), 740 Ill. Comp Stat. 14/1 et seq.; several consumer fraud statutes-the Illinois Consumer Fraud and Deceptive Trade Practices Act (“ICFA”), 815 Ill. Comp. Stat 505/1 et seq.; the New York Deceptive Acts and Practices Law, NY Gen. Bus. §§ 349 and 350; the Massachusetts Consumer Fraud Law, Chapter 93A (“Mass. Ch. 93A”); and the Florida Deceptive and Unfair Trade Practices (“FDUPTA”), Fla. Stat. § 501.201; and for unjust enrichment. Defendants filed a motion to dismiss Plaintiffs' claims pursuant to Federal Rule of Civil Procedure 12(b)(6).

The Court grants in part and denies in part Defendants' motion to dismiss. The Wiretap Act does not apply to the facts of this case because Defendants are a party to the communication-specifically the transmission of data from the eufy products to Plaintiffs' receipt of that data on the eufy Security app-and so the Court dismisses the Wiretap Act claim. Similarly, the Court dismisses Plaintiffs' BIPA and ICFA claims as to the non-Illinois resident plaintiffs and the nationwide class because neither statute applies extraterritorially. Finally, the Court dismisses Plaintiffs' ICFA, NY Gen. Bus. § 349, Mass. Ch. 93A, and FDUPTA claims to the extent they rely on Defendants' statements relating to security because those statements are puffery. Plaintiffs may proceed on their remaining claims as discussed below.

BACKGROUND^[2]

Plaintiffs' claims arise from their purchase and use of Defendants' “eufy” branded security products, specifically eufy home security cameras and video doorbells (the “eufy products”). The eufy products can access Wi-Fi, record and stream video, and detect motion. The eufy products apply a facial recognition program called the BionicMind System, which differentiates between known individuals and strangers by recognizing biometric identifiers and comparing the face template against those stored in a database. The eufy products sync to a consumer's phone through the eufy Security app, which automatically notifies the consumer of motion around the camera either by showing a thumbnail image taken from the camera or sending a text message indicating the motion.

As advertised, the cameras store the video recordings and data to conduct facial recognition locally, “meaning on equipment located with and controlled by the consumer.” Doc. 31 ¶ 2. Additionally, Defendants advertised that information from the eufy products remained encrypted, so only the user could access the data. The eufy products' packaging included the following statements: “your privacy is something we value as much as you do”; “to start, we're taking every step imaginable to ensure that your data remains private, with you”; “whether it's your newborn crying for mom, or your victory dance after a game, your recorded footage will be kept private”; “stored locally with military grade encryption”; “transmitted to you, and only you”; and “that's just the start of our commitment to protect you, your family, and your privacy.” Id. ¶ 32. Defendants also warranted that “there is no online link available to any video.” Id. ¶ 33. Defendants' privacy policy stated that the eufy products operate with “no clouds.” Id. ¶ 37.

Plaintiffs all purchased at least one eufy product between June 2020 and November 2022 and installed them in their respective residences-Sloan and Orpilla in Illinois, Bleiberg and Rothberger in New York, Desai in Florida, Commerford in Texas, Farr in Massachusetts, and Lapating in California. Plaintiffs all allege they relied on representations that the products would store data locally and encrypt their data when purchasing the eufy products. Similarly, Plaintiffs all allege they would have paid less or not purchased the eufy products at all if they knew the data would not be encrypted, could be accessed by third parties, or would be uploaded to Defendants' servers.

In November 2022, Paul Moore, a security researcher, posted several tweets and videos revealing holes in the security network for the eufy products. Specifically, Moore identified that the eufy products uploaded the thumbnail images used to notify users of movement through the app to Defendants' cloud storage without encryption. Moore determined that he could stream content from his videos through unencrypted websites and posted a video showing that his camera feed could be accessed through an incognito web browser. SEC Consult, a security firm, and The Verge, an online technology media outlet, confirmed Moore's results.

Defendants initially denied that the eufy products streamed video without encryption. However, on November 29, 2022, Defendants released a statement asserting that “[a]lthough our eufy Security app allows users to choose between text-based or thumbnail-based push notifications, it was not made clear that choosing thumbnail-based notifications would require preview images to be briefly hosted on the cloud. The lack of communication was an oversight on our part and we sincerely apologize for the error.” Id. ¶ 57. Several months later, in January 2023, Anker's global head of communication provided a statement to The Verge acknowledging prior denials from the company regarding the production of unencrypted videos were wrong and that the unencrypted video streams were “a known issue, easily replicated and had been reported by the media.” Id. ¶ 65.

LEGAL STANDARD

A motion to dismiss under Rule 12(b)(6) challenges the sufficiency of the complaint, not its merits. Fed.R.Civ.P. 12(b)(6); Gibson v. City of Chi., 910 F.2d 1510, 1520 (7th Cir. 1990). In considering a Rule 12(b)(6) motion, the Court accepts as true all well-pleaded facts in the plaintiff's complaint and draws all reasonable inferences from those facts in the plaintiff's favor. Kubiak v. City of Chi., 810 F.3d 476, 480-81 (7th Cir. 2016). To survive a Rule 12(b)(6) motion, the complaint must assert a facially plausible claim and provide fair notice to the defendant of the claim's basis. Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009); Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007); Adams v. City of Indianapolis, 742 F.3d 720, 728-29 (7th Cir. 2014). A claim is facially plausible “when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Iqbal, 556 U.S. at 678.

Rule 9(b) requires a party alleging fraud to “state with particularity the circumstances constituting fraud.” Fed.R.Civ.P. 9(b). This “ordinarily requires describing the ‘who, what, when, where, and how' of the fraud, although the exact level of particularity that is required will necessarily differ based on the facts of the case.” AnchorBank, FSB v. Hofer, 649 F.3d 610, 615 (7th Cir. 2011) (citation omitted). Rule 9(b) applies to “all averments of fraud, not claims of fraud.” Borsellino v. Goldman Sachs Grp., Inc., 477 F.3d 502, 507 (7th Cir. 2007). “A claim that ‘sounds in fraud'-in other words, one that is premised upon a course of fraudulent conduct-can implicate Rule 9(b)'s heightened pleading requirements.” Id.

ANALYSIS

I. Group Pleading

Defendants move to dismiss Plaintiffs' entire complaint for improper use of group pleading. Under Rule 8, Plaintiffs need only provide a “short and plain statement of the claim showing that [they are] entitled to relief.” Fed.R.Civ.P. 8(a). There “is no ‘group pleading' doctrine, per se, that either permits or forbids allegations against defendants collectively.” Robles v. City of Chi., 354 F.Supp.3d 873, 875 (N.D. Ill. 2019). Group pleading does not violate Rule 8 “so long as the complaint provides sufficient detail to put the defendants on notice of the claims.” Horton v. City of Rockford, No. 18 C 6829, 2019 WL 3573566, at *3 (N.D. Ill. Aug. 6, 2019) (citations omitted). A complaint that directs every allegation at all the defendants can provide sufficient detail to put the defendants on notice because the defendants “do not have to speculate about which claims or allegations pertain to them; they must defend against them all.” Gorgas v. Amazon.com, Inc., No. 22 CV 5159, 2023 WL 4209489, at *3 (N.D. Ill. June 23, 2023). Here, Defendants “do not have to speculate about which claims or allegations pertain to them” because Plaintiffs have asserted all claims against all three defendants, so the allegations do not violate Rule 8. Id.

However group pleading can run headfirst into Rule 9(b)'s requirement for particularity for averments sounding in fraud or “premised upon a course of fraudulent conduct.” Borsellino v. Goldman Sachs Grp., Inc., 477 F.3d 502, 507 (7th Cir. 2007). This is because in fraud cases involving multiple defendants, “the complaint should inform each defendant of the nature of his alleged participation in the fraud.” Vicom, Inc. v. Harbridge Merch. Servs., Inc., 20 F.3d 771, 778 (7th Cir. 1994)...