It was not long ago when we were first spooked to see advertisements in our browsers directed at things we were talking about “offline” moments earlier. Could our smart phones be recording our conversations? Is it legal? Is it even possible?
Well, short answer—your smartphone is always listening to you and analyzing your phrases (at least in short bursts) but it is not—as far as we know—using that information to direct advertising to your phone or computer browser. But is any level of surveillance of our conversations by Big-Tech really lawful? That is the question being determined in a huge piece of litigation here in California and the results could really change the (Consumer Privacy) World.
Let’s break this down a bit.
Plaintiff brought two SCA claims, asserting violations of both 2701(a)(governing unauthorized access) and 2702(b)(governing disclosure of information) of the Act.
To make a “facility” claim under 18 U.S.C. § 2701(a) of the SCA, plaintiffs must show that defendants: (1) gained unauthorized access to a “facility” where it (2) accessed an electronic communication in “electronic storage.”
While the statute defines “electronic storage” (more on that on another day), the statute does not define “facility,” which always makes it a hot topic of discussion. Plaintiffs here did not allege that the Google Assist software was a facility, but instead, referred to the smart devices that use the software as the “facility”-rookie move in the Northern District, and one the Court was not keen to accept. The Court’s response: “[C]ourts in this Circuit and others have interpreted “facility” to exclude users’ personal devices.” Yikes, and went on to say “Although the Court is skeptical that Plaintiffs will be able to articulate yet another theory of unlawful access to an electronic storage “facility”, the Court will nonetheless grant leave to amend.” Even more concerning for Plaintiffs, the Court stated it was “skeptical that software could properly be considered a facility.” And in fact, other districts have agreed. See for example Cousineau v. Microsoft Corp., 6 F. Supp. 3d 1167, 1174 (W.D. Wash. 2014), where the court indicated “a facility must perform server-like functions.” It’s unlikely that Plaintiffs will be able to prove that Google Assist meets the definition of facility, but plaintiffs’ counsels have always been very creative, so I’m keen to see how far they would go to allege that in the amended complaint.
Plaintiffs fared better with their disclosure claim, however, resulting in a ruling that could have a huge impact on silicon valley. A company violates 18 U.S.C. § 2702(a) if it knowingly and without authorization divulges contents of communication while in electronic storage. In In Re Google, Plaintiff alleged that Google disclosed audio and transcripts to subcontractors for analysis “to improve the functionality” of the Google Assistant without consent. Stated differently: people were listening to your recorded conversations, not just robots.
CIPA Claim—No Eavesdropping/Wiretapping Because Consumers Have Knowingly Allowed Google to Have a Recording Device in their Homes
Plaintiffs here alleged that Google violated the provisions of CIPA addressing “wiretapping” and “eavesdropping.” These claims did not survive the pleadings stage.
Wiretapping, as defined by the California Supreme Court, protects against three distinct and mutually independent patterns of conduct: (i)”intentional wiretapping,” (ii) “willfully attempting to learn the contents or meaning of a communication in transit over a wire,” and (iii) “attempting to use or communicate information obtained as a result of engaging in either of the two previous activities. Here there were no “wires” to tap—the smartphone was being used in this content as a recording device, not as part of any wire transmission.
As to Eavesdropping, CIPA protects (1) “confidential communications” and (2) “intentional” conduct. While the Court had little problem determining that Google’s conduct of holding onto recordings and sharing them with subcontractors was plenty “intentional” the Court was unconvinced that the conversations themselves were all confidential. After all, we all know that Google is listening to us these days right? But in seriousness, the Court determined Plaintiff had failed to plead facts showing that that consumers had a reasonable expectation that the conversation was not being overheard or recorded. And without being able to establish “confidential communication,” Plaintiffs would not be able to argue that Google violated CIPA’s eavesdropping clause, making the claim futile.
The Court was also keen to point that under CIPA, the plaintiff bringing a claim has the burden to prove that the defendant lacked consent to record. Whereas under SCA, consent is only a defense, essentially instructing Plaintiffs to better frame their CIPA allegations.
We are not expecting this putative class of Plaintiffs to go away so easy. Plaintiffs have until June 5 to file an amended complaint, so stay tuned for more!