Another Day, Another CIPA Ruling – Jornaya’s Website Recording Does Not Violate Section 631

In Loretta Williams v. DDR Media, LLC, et al., No. 22-CV-03789-SI, 2023 WL 5352896, at *3–5 (N.D. Cal. Aug. 18, 2023), United States District Court Judge Susan Illston held, on a motion to dismiss, that Jornaya’s recording of Plaintiff’s website activity for the operator’s later use did not violate CIPA.  Specifically,

Plaintiff argues that Jornaya violated the second prong of Section 631(a) and DDR Media violated the fourth prong. Specifically, plaintiff alleges that (1) Jornaya’s TCPA Guardian was a “new technology” that falls within the definition of “a machine, instrument, contrivance, or … any other manner” and (2) by using it, Jornaya intentionally read or learned the contents of a message, report, or communication (3) “without prior express consent.” Dkt. No. 43 ¶¶ 39–42; see Matera v. Google Inc., 2016 WL 8200619, at *21 (N.D. Cal. Aug. 12, 2016) (applying Section 631(a) to new technology such as email).

DDR Media was a party in the communication that cannot be sued under the first three prongs, but plaintiff alleges that DDR Media is liable for violating the fourth prong because it partnered with Jornaya. Id. ¶43.

Both defendants argue that this claim should be dismissed because (1) Jornaya merely enabled DDR Media to record its own communications and did not act as a third-party eavesdropper; and (2) the information allegedly intercepted was “record information” not protected by the statute. Dkt. No. 47 at 4–8; Dkt. No. 48 at 4–5, 8. In addition, DDR Media argues that plaintiff fails to plead facts showing that the information was intercepted “in transit” and that the alleged intrusion did not involve a wiretap of a “telegraph or telephone wire, line, cable, or instrument.” Dkt. No. 48 at 6–7.

Defendants argue that Jornaya was not a third-party eavesdropper because its software “acted as an extension of” DDR Media’s website rather than intercepting and using the data for Jornaya’s own purposes. See Dkt. No. 47 at 5.

Section 631 does not prohibit parties from recording their own conversations, even without the other party’s knowledge. See Rogers v. Ulrich, 52 Cal. App. 3d 894, 899, 125 Cal. Rptr. 306 (Ct. App. 1975) (“[O]nly a third party can listen secretly to a private conversation.”). In Rogers v. Ulrich, a California appellate court rejected Section 631 claims against a defendant who had recorded his own conversations and then played the recordings to others. Id. However, if one participant in a conversation permits a third party to eavesdrop on a conversation without the knowledge of the other participant, then the third party is liable under the second prong of Section 631 (and the participant may be liable under the fourth prong). Ribas v. Clark, 38 Cal. 3d 355, 361, 696 P.2d 637, 641 (1985). In Ribas v. Clark, a woman in the middle of divorce proceedings asked a friend to listen in on a phone call to the woman’s husband. Id. at 358, 696 P.2d 637. The California Supreme Court held that this act constituted eavesdropping under the statute because “a substantial distinction has been recognized between the secondhand repetition of the contents of a conversation and its simultaneous dissemination to an unannounced second auditor.” Id. at 360, 696 P.2d 640.

*4 Defendants argue that Jornaya merely provided DDR Media with “a tool … like a tape recorder.” Dkt. No. 47 at 5. Plaintiff argues that defendants’ reasoning would add an additional “use” requirement into the second prong of Section 631(a) and that Jornaya is liable for recording regardless of what it did with the recording. Dkt. No. 50 at 9. The court must determine whether Jornaya’s TCPA Guardian software is more akin to a tape recorder or a secret listener.

This is a close question, and district courts have split on the issue. In Graham v. Noom, Inc., a district court considered similar allegations against Fullstory, a company that provides software that “records visitor data such as keystrokes, mouse clicks, and page scrolling” and enables clients to “see a ‘playback’ of any visitor’s session.” Graham v. Noom, Inc., 533 F. Supp. 3d 823 (N.D. Cal. 2021). The court held that Fullstory was not a third-party eavesdropper because it captured data only for the client website to use. The court reasoned that Fullstory “provides a tool – like the tape recorder in Rogers – that allows [a client website] to record and analyze its own data in aid of [the client website’s] business.” Id. at 832. Because there were no allegations that Fullstory “intercepted and used the data itself,” the court concluded that it was not a third-party eavesdropper. Id. at 833. Other courts have followed Graham‘s reasoning. See, e.g., Williams v. What If Holdings, LLC, No. C 22-03780 WHA, 2022 WL 17869275, at *3 (N.D. Cal. Dec. 22, 2022) (concluding that software vendor “functioned as a recorder, and not as an eavesdropper”); Johnson v. Blue Nile, Inc., No. 20-CV-08183-LB, 2021 WL 1312771, at *2 (N.D. Cal. Apr. 8, 2021).

In Javier v. Assurance IQ, LLC, a district court took issue with this reasoning. Javier v. Assurance IQ, LLC, No. 20-CV-02860-CRB, 2023 WL 114225, at *6 (N.D. Cal. Jan. 5, 2023). It found that considering a software vendor’s use of the information to determine whether it was a third-party eavesdropper “read[s] a use requirement into the second prong” of Section 631(a). Because the third prong of Section 631(a) separately penalizes use of information obtained via wiretapping, the court reasoned that considering use in analyzing the second prong would “add requirements that are not present (and swallow the third prong in the process).” Id. It also noted that the California Supreme Court did not consider the third party eavesdropper’s “intentions” or “the use to which they put the information they obtained” in Ribas v. Clark, 38 Cal. 3d 355, 696 P.2d 637 (1985). The Javier court concluded that so long as the recording software provider has “the capability to use its record of the interaction for any other purpose,” it is a third-party eavesdropper. Id.

This is a difficult issue, and the Javier court’s point that use is penalized by the third prong of the statute rather than the second is well-taken. However, the second prong of the statute penalizes anyone who “reads, or attempts to read, or to learn the contents or meaning of” the communication. Cal. Penal Code § 631(a). A person who eavesdrops on a conversation clearly falls under that definition. And a software company that analyzes or uses a recorded communication has read, attempted to read, or learned the contents of that communication. But the Court can think of no sense in which Jornaya has read, attempted to read, or learned the contents or meaning of the communication at issue here. Jornaya has merely recorded the communication for retrieval by a party to the same communication. Thus, the Court finds that Jornaya is more akin to a tape recorder vendor than an eavesdropper.

*5 Because plaintiff has not sufficiently alleged that a third-party read, attempted to read, or learned (or attempted to learn) the contents or meaning of its communication, her claim under Section 631(a) is dismissed.