Lawsuit against Facebook for Tracking of Logged Out Users: Update on Perrin Davis v Facebook 17-17486 plus Full Transcript of Hearing Before the 9th Circuit

The Lawsuit against Facebook for Tracking of Logged Out Users_ Update on Perrin Davis v Facebook 17-17486
Share the knowledge

The Internet tracking lawsuit against Facebook for tracking users after those users have logged out of Facebook is awaiting a decision from the 9th Circuit as to whether it can move forward. The hearing in the matter of Perrin Davis v. Facebook, 17-17486, also known as ‘The Internet Tracking’ case, before the 3-judge panel was in April of 2019 (full transcript of that hearing below).

The Internet tracking case of Perrin Davis v. Facebook was originally filed in April 2011, after Australian researcher Nik Cubrilovic discovered that Facebook was indeed tracking what users do, and where they go, even once they had logged out Facebook. It’s worth noting that, as we explain in our article Millions of Websites Complicit in Helping Facebook Track You Even When You are Not Logged in to Facebook, the Court of Justice of the European Union very recently determined that simply displaying the Facebook ‘Like’ button on a website sends data about you back to Facebook, even if you don’t click it, and even if you are logged out of Facebook.

After the Perrin Davis case was filed, of course, came a whole lot of legal wrangling and posturing, and ultimately Facebook filed a motion to have the whole case dismissed “for lack of standing, that the fraud-based claims lack factual specificity and that the plaintiffs have not stated an actionable claim.”

The lower court agreed with Facebook, and threw the case out, and the plaintiffs appealed to the 9th Circuit.

In April of this year (2019) the parties appeared before the 9th Circuit, and they are still waiting for a decision at the time of this writing (September 24, 2019).

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

We have transcribed that hearing, but before you get to that, let’s look at a few of the more interesting things that Facebook has argued in that hearing.

Facebook’s attorney, Lauren Goldman, at one point accuses the plaintiffs of being “loosey goosey”. She says “Plaintiffs are very loosey goosey about what they’re citing in their brief.”

Loosey goosey is apparently a legal term of art.

She also pointed out that, during the time in question, Facebook had never promised to not track users after they logged out of Facebook. And she says that tracking where a user goes after they log out of Facebook is not a privacy issue, because they are tracking the URLs that their logged out users are visiting, and URLs are “not Personally identifiable information”. Which led to this rather interesting exchange between Facebook’s lawyer and Judge Smith:

Judge Smith: Let’s just say hypothetically that they had alleged that they had information that the people that went offline did so, so they could secretly go to a porno site or something like that and this was a minister or something like that or a group of ministers. Would that make any difference?

Lauren Goldman: It might be a closer case because they would have to show what information, where they went, why that was sensitive, why they were harmed by Facebook’s receipt of that information.”

Anyways, below is the full transcript of that hearing – it happens to explain everything you would want to know about the case, including what is being alleged about Facebook, and their response.

You can also view the hearing here:

Hearing Before the 9th Circuit in the Perrin Davis v. Facebook Internet Tracking case

Judge Thomas … May proceed.

David Straight: May it please the court. Good morning, your honors. David Straight for plaintiffs appellants. I respectfully request to reserve three minutes for rebuttal. Nine years ago, this month in April, 2010, Facebook migrated tracking tools outside of the Facebook domain. More than 7 million websites integrate Facebook functionality representing the majority of all web traffic. More than 30 billion times each day, Facebook’s computer code on these websites causes browsers to quietly copy communications between Facebook subscribers and these websites, and simultaneously report them back to Facebook. Because of the obvious privacy implications of such massive surveillance implications raised by privacy advocates.

David Straight: Even before April, 2010, Facebook assured its subscribers that it would only track them while logged into their accounts. Facebook assured the world, but it was not attempting 24/7 web surveillance. Also on that very same day, Facebook updated its terms of use, contractually promising that its data collection practices would be disclosed and its privacy policy, but as a researcher in Australia would discover the following year, Facebook was secretly tracking its subscribers, intimate internet use, even when logged out of their accounts. With the benefit of discovery, much of which is under seal we know it was no accident and Facebook was aware that its practices were contrary to its public disclosures.

Judge Smith: But council, these facts of course are in the briefs and we have read those. Will you help me to start with, of course, primarily here because of Spokeo. The Supreme Court has changed the rules of it and we’re back in effectual Lou Hahn and analysis. As you well described, prior to the time that Facebook surreptitiously took information from people, it had previously obtained their consent to obtain information, but when they went off line they kept information that was not if you will permitted or disclosed. What injury did your clients suffer as a result of their tracking once the web activity stopped? In other words, they were giving permission in time period one. They did not give permission in time period two, but is it because something different was being picked up and if so, where’s that in the record? If it’s the same in what way are they damaged?

David Straight: Thank you, your honor. I appreciate that. Of course, we’re here not only because of Spokeo, not only because of standing, but also because those claims were the district court found standing were also dismissed for other reasons. We’re happy to address standing first. It’s helpful to group our claims into four categories. There are three types of harm that were pled, two of which the district court accepted, and one of which the court rejected.

David Straight: First would be a loss of privacy. The second would be monetary.

Judge Smith: Let me just be clear. This is loss of privacy on a common law basis?

David Straight: Both common law, your honor and statutory basis. There are four statutory claims, two under the ECPA, there’s the Wiretap Act claim and then of course the SCA, and then there are two California analogs section 631 and 632, those have statutory damages to compensate for loss of privacy.

David Straight: There are also two common law claims under California law, one of which is also in the California constitution and that would be intrusion upon seclusion. And of course invasion of privacy. There are four additional claims for money damages and they’re the basis for standing would be the right to seek monetary damages under California statutes. We have the statutory larceny, we have common law fraud, and we also have a section 502 claim there.

David Straight: The monetary recovery would take the form of restitution or disgorgement of profits, both of which are recoverable damages under California law. So that would be money damages. And then-

Judge Thomas: So you’re not claiming personal economic injury in the sense that your clients would have been willing to sell their privacy rights to someone else. Is that true?

David Straight: No, your honor. We should distinguish between the privacy damaged and then the economic damage. Loss of privacy is an intangible harm. This is an intangible harm that is the preeminent tangible.

Judge Thomas: No, I understand that there. I just want to make sure I understand your economic theory.

David Straight: Yes. The economic theory-

Judge Thomas: The economic theory is not based on the fact that your clients wanted to sell this information to somebody and we’re deprived of the opportunity, correct?

David Straight: Correct. It’s the opposite. These plaintiffs wanted to keep their information private and were denied that right. When-

Judge Smith: So does the fact that Facebook sells this information, makes a lot of money from it. Is that the condition precedent to your claim? In other words, they use your information illegally. They got money from it. It’s yours. You’re entitled to it. Is that basically the argument?

David Straight: No. That’s one theory, your honor. Under the restatement third of restitution and unjust enrichment. I mean the benefit of the primary author of that book helping with us with an Amicus brief here. There are two ways monetary damages could be calculated. One would be restitution. The other would be disgorgement. Under a restitution theory, the data that was stolen, the personally identifiable information has value in the marketplace and the fact that it was taken is compensable under a restitution theory.

David Straight: Alternatively, if Facebook monetized the data and earned on just profits that should be disgorged. The greater of those two would then be the measure of damages. Either the value of the PII that was taken, regardless of whether used, or disgorgement of profits, meaning the profits that were earned. At the time, we drafted the complaint we were under the impression that this information was not shared with third parties. Instead the information was put into your private digital dossier and then Facebook would sell access to your eyeballs essentially to advertisers.

David Straight: Obviously, in the last year we understand with the Cambridge Analytica scandal that maybe our assumptions were wrong in that, but that’s not a part of this case. This is about the profits that Facebook earned on the stolen data. That would be disgorgement or the mere fact of the stealing of the PII, which would be a restitution theory for the value of the PII regardless of what profits were earned on it. Irrespective of the value of the PII. Irrespective of any unjust profits.

David Straight: The primary claims in this case is of course loss of privacy. These are the same sort of claims that were found. We were allowed to proceed in the Google cookie placement case in the third circuit and of course the later Nickelodeon-Viacom case, those cases I believe were post-Spokeo and they involved the loss of privacy, which the majority in Spokeo agreed would be the precise type of intangible harm that can proceed even absent loss of treasure.

David Straight: So in this case, judge the district court below agreed that loss of privacy is the type of intangible harm for which we can seek a compensation in federal court. There is article three standing. The district court also found standing to pursue nominal damages for the contract claim and for the breach of implied covenant of good faith and fair dealing. The district court disagreed with us on the standing to pursue the economic loss claims.

David Straight: Those were the three we have here. Statutory larceny fraud section 502. There was also a fourth claim, trespass to chattels, which is not here on appeal, but those claims were not allowed to proceed. The only analysis there was an article three analysis. We respectfully asked for that decision, that portion of decision to be reversed, but otherwise we do agree with the other two findings on standing.

David Straight: No further questions on standing, I can go into the actual merits of the underlying claims if that would be helpful or do you have further questions on standing for-

Judge Thomas: Use your time as you want.

David Straight: Thank you, your honor. That’s helpful then to go in the same order I just identified for standing for the statutory claims, the wiretap claims because there was independent analysis in the district courts order for dismissing the ECPA claims, and a little bit of analysis on the California analogs. The district court below dismissed the wiretap claim on a theory of a party to the communication exception. Obviously, under the wiretap claim if I communicate with you, there’s no wiretap violation for the interception of that conversation because you’re a party to that conversation. But the district court erred in finding Facebook to be a party to the communication between the subscriber and the first party website.

David Straight: We use the examples in the briefing of, we also use the examples of those are in the complaint and in the briefing, but Facebook is not a party to that conversation. That’s not argued in this case. Instead, what the district court found in the decision dismissing the second amended complaint, the district court reversed itself originally finding that Facebook was not a part of the communication on the second order found that it was.

David Straight: And this would be the conversation supposedly occurring between the user’s browser and Facebook. So the conversation between the subscriber and the first party website consist of a series of exchanges of URLs. That’s how computers communicate. The first one would be a GET request, dear server, please send me information. Then there’s the post response and that information comes back. That conversation, Facebook is not a party to. It is intercepted in real-time. It’s repackaged as a refer header, put into a cookie. It’s then coupled with user identifiables.

Judge Thomas: So there’s a circuit split on this issue, right?

David Straight: There is, I can see there is an unfortunately split.

Judge Thomas: Explain to me why you think we should follow the first and seventh circuit?

David Straight: I believe that if we in the internet age were to consider interceptors to be parties to the communication between the victim and the interceptor because the previous conversation or the concurrent conversation going on elsewhere is somehow redirected and sent off to the interceptor. That would be visceral at the ECPA.

David Straight: When the purpose of the ECPA was to update the old Wiretap Act, the law that applied to surveillance of telephone conversations over wires, and update it for the computer age. When in fact, this new reading of the part of the communication exception would completely gut the BCPA. It would give licenses to all interceptors to design their interceptions in ways.

David Straight: Give license to all interceptors to design their interceptions in ways that would work around this actual case. It is not the case. Let’s say it’s 1969 or 1970 where someone takes a bug, puts it on the phone, overhears your conversation and then that bug, a separate device, is then transmitting a copy of the conversation in real time. Instead in the internet age, the browsers and other devices of the users are being commandeered like zombies and being told, instructed with code, send a copy of this communication in real time to the interceptor. So, there’s not a separate listing device. It’s not Facebook goes into everybody’s home and puts a separate device onto the computer. Instead it is instructing your browser in real time to send copies of those communications. If we then deem Facebook to be a party to that other conversation, simply because they commandeered at someone else’s computer, then we cannot enforce the ECPA when it comes to electronic communications, even though that was the purpose of updating the Wiretap Act with the ECPA.

David Straight: So, for that public policy reason we believe that is the correct reading. Also, there was a slightly different reading the district court had in its first order on the first motion to dismiss rejecting Facebook’s argument. There was the question of knowledge. Where is the user actually aware that Facebook is receiving realtime copies of these communications? And the district court originally rejected the defense saying, “There’s no way that these users are aware that Facebook is also receiving copies,” especially when if one were to read the privacy policy closely, Facebook said it wasn’t and this is also the position that Facebook and a lot of companies in the tech community took recently in an Amicus brief filed with the United States Supreme Court. That’s in US versus Councilman.

David Straight: The majority agreed with the position taken by Facebook there which is that we must respect privacy even though and in fact because modern technology is forcing these communications to be repackaged and sent without the knowledge or consent of the average user. It’s because the way technology has developed that these things are occurring in the background necessarily that we need to understand the technology and understand either fourth amendment or ECPA or any other statute in light of reality. Facebook was right in that Amicus brief and that logic should be applied.

Judge Thomas: You’re down to about a minute.

David Straight: I do want to reserve some time. Should I sit down?

Judge Thomas: Yes.

David Straight: Thank you.

Lauren Goldman: May I please the court, Lauren Goldman of Mayer Brown for Appellee Facebook. I want to start out by setting the record straight on something very important. Plaintiff’s reply brief abandons their contract claim and abandons the theory that there was any promise here not to receive information about the browsing habits of logged out users. Plaintiff came in their opening brief and they say, “Facebook promised starting in 2010 that it would not be tracking logged out users.” We came back and we said, “No, there is nothing in your complaint or your exhibits that identify such a promise during the class period.” Plaintiffs are very loosey goosey about what they’re citing in their brief, but a number of the exhibits that they cite in their brief are dated after the class period. After the period when they’re saying Facebook was engaging in this conduct, they come back to file a reply brief.

Lauren Goldman: They don’t even mention this. Plaintiffs have given up on any argument that Facebook promised not to track logged out users. Facebook never made that promise. So, the premise of their argument that Facebook was deceiving people is groundless. It’s not in the complaint. It’s not in the attachments to their appellate brief. It’s just something that they’re saying. It’s nothing that passes muster under Iqbal or Trombley. So, there was nothing surreptitious about this. The privacy policy just didn’t discuss it until later when the privacy policy did say, “We’re not doing it because we weren’t doing it.”

Lauren Goldman: Now, I want to talk about standing here. The district court analyzed the standing issue after the Supreme Court had decided Spokeo, but before this court had construed Spokeo and what this court has said over and over again in the cases since Spokio was decided is that to bring a federal case, you have to have an actual real world concrete non abstract injury. So, in cases like Bassett and Dutta and Jaris and all the other cases that we cite in our brief including Robbins on remand, this court has said, “What happened to you? What was taken from you? What money did you lose? What intangible injury did you suffer? How were you made worse off by the conduct at issue here?” And that’s something where the plaintiffs have really failed. They come in and they say, “Well, we might’ve had an economic injury,” but as the court pointed out, they don’t allege that they could have sold their data, that they would have sold their data or that their data is now worthless as a result of the alleged conduct here.

Judge Smith: I appreciate what you’re saying, but let’s take the privacy issue as you know very well, privacy is a common law interest and as was pointed out, at least in California we have lots of statutes and there’s some federal law as well that especially refer to the common law right of privacy. What’s Facebook’s response to the idea that when someone’s privacy is invaded as what occurred here, that there are no damages?

Lauren Goldman: Well, our position, your honor, is that their privacy was not invaded here.

Judge Smith: Because of the time period and you didn’t make the promise, which you just said a minute ago. Is that what you’re saying?

Lauren Goldman: In part, but also in part because this court and the California courts have recognized over and over again that the collection of basic digital data about people, the places that people go on the internet is not something in which people have a reasonable expectation of privacy barring some promise not to collect that information. That’s what makes this case different from cases like Google cookie and the third circuit where they said there was a privacy interest. Google said, “If you want to activate your cookie blockers, we won’t be able to get information about you via cookies,” and Google was surreptitiously, allegedly in that case, Google is surreptitiously using software that overrode the cookie blocker. So-

Judge Smith: I want to be sure. I know you focus this in terms of the class period, but I want to be sure I understand your position. When the Australian, I think it was, discovered that Google or rather Facebook was continuing to monitor people after they had gone offline, you’re saying that they have waived any argument about that because it’s not during the class period or what’s your argument on that?

Lauren Goldman: Let me take a step back. Your honor, it’s not a waiver issue. The issue is this. The plaintiff’s claim that Facebook was collecting information about logged out users between April of 2010 and September 26th, 2011, during that time, there was no promise not to do that. There was no statement by Facebook one way or the other about what it was doing.

Judge Smith: So, the contract, effectively, almost all of these contracts are contracts of adhesion, but putting that aside for a moment, you’re saying if you looked in the contract, there was just nothing about it one way or another.

Lauren Goldman: There was nothing about logged out users. No.

Judge Smith: Okay. Was there anything about that when you are online, we collect this information?

Lauren Goldman: Not in the contract. The help center said when you are online we get your user ID.

Judge Smith: Okay, so the negative pregnant of that is the opposite.

Lauren Goldman: But that wasn’t in the contract. That was only in the help center and the district court correctly found that the help center was not incorporated by reference into a contract. So, these alleged promises that when plaintiffs say Facebook said, “We’re not getting your user ID when you’re logged out.” That statement was dated after September 26th, 2011, which is the date on which plaintiffs say in their complaint, Facebook fixed the problem. So, they’re saying you fixed the problem on September 26th then on September 27th you said, “We’re not doing this.” That’s their argument. It’s not about waiver. It’s about facts. It’s about what they alleged we promised and when we promised it.

Judge Thomas: When you’re talking about the tort, the invasion of privacy and the reasonable expectations of privacy. Why isn’t there a factual question as to the existence of tracking when you’re logged out of Facebook? Why doesn’t that present a tribal issue fact?

Lauren Goldman: Because the court already decided in Forrester and in Zynga that there is no reasonable expectation of privacy in the locations that you visit on the internet and that’s for two reasons, your honor. The first reason is that people are giving out this information. When you go places on the internet and you type in Earl into your browser, people use cookies and they know where you’re going and the court said in Forrester and reaffirmed in Zynga that people don’t have a privacy interest in that. That’s not a question of fact. These are-

Judge Thomas: But it’s slightly different in this case because you are tracking where they’re going when they’re not using your program. I understand the browser theory and so forth, but this, isn’t it slightly different when you’re tracking information after they’ve logged out of Facebook?

Lauren Goldman: No, your honor because what you’re still receiving is URLs, locations on the internet. You’re not receiving… This takes me to the second reason why they don’t have a reasonable expectation of privacy. California law recognizes a privacy interest only in information that is sensitive and personal. That’s what the California Supreme Court said in Hill and in Hill, the California Supreme court also said, “This is a question of law for the court.” So, what the court said is that California law recognizes a privacy interest in things that are sensitive and private. The plaintiffs here don’t even say what websites they went to. They don’t say as, your honor Judge Smith pointed out, they don’t say that they had different browsing habits when they were logged out versus logged in. They don’t say anything at all about these URLs. So-

Judge Smith: Let’s just say hypothetically that they had alleged that they had information that the people that went offline did so, so they could secretly go to a porno site or something like that and this was a minister or something like that or a group of ministers. Would that make any difference?

Lauren Goldman: It might be a closer case because they would have to show what information, where they went, why that was sensitive, why they were harmed by Facebook’s receipt of that information. In our view, they would also have to show that that information was disclosed to third parties, that Facebook sold it as the defendant did in the Eichenberger case, that the defendant, that it was used to embarrass them. They have to allege real world harm that something happened to them, that they were embarrassed, that they were shown to be doing something that they shouldn’t have been doing. If you say, “I logged out of Facebook intentionally and then I went to Facebook received that information. They posted it, my wife found out and she divorced me.” That would be a very different thing, but I want to point the court to the specific allegations that they make about the named plaintiffs in this action, which appear at pages a 1101 and 1102 of the record. All they allege is that each named plaintiff visited unidentified websites when they were logged out of Facebook, and that Facebook received that information. That’s not a harm. It’s not a harm as a matter of law, under this court’s decisions in Zynga and in Forrester, it’s not a matter of… It’s not harm under California law.

Judge Smith: Would there be a commonality issue in addition to that? So, everybody’s secret stuff would may be different… Would that make any difference?

Lauren Goldman: Well, it would make a difference in terms of class certification-

Judge Smith: That’s what I mean-

Lauren Goldman: Which I assume is why they haven’t pled it that way.

Judge Smith: Yeah, that’s what I mean.

Lauren Goldman: Yes, you would have individual questions about standing but this case didn’t get that far. I mean, so, essentially what the plaintiffs are doing is, you read the complain and all you know is that each plaintiff went to one or two websites. They could be checking to get the forecast for Milwaukee. And if somebody comes into federal court and says, Facebook found out that I checked the weather forecast in Milwaukee, that’s not a federal claim. That’s not private information under California law, Facebook’s receipt of it didn’t harm anybody and it doesn’t matter whether it’s a statute for a claim or a common law claim.

Lauren Goldman: The reason for that is that, as this court explained in the Basset case in, I think it was footnote two, the court said, whether it’s a statute or not a statute, we still have to look at whether there was a harm. You can’t get into federal court without a harm. And a harm has to be something that happened to you in the real world, I was worse off and here’s why. I wanted to talk a minute… If the court has further questions on standing.

Judge Thomas: Your time’s winding down, so if you have some other topics you want to-

Lauren Goldman: Okay. I just wanted to talk a little bit about the wiretap act because this is a criminal statute and it’s designed to prevent wiretapping. There’s multiple reasons why the plaintiffs have not alleged a wire tap here but I wanted to talk about the circuit split, which your honor asked about. This court has already taken sides on that split in the [CONOP 00:24:05] case. In CONOP, this court held that it’s not an interception under the wire tap act unless you stop, seize or interrupt something in progress or in course. You can’t stop, seize or interrupt, in progress or in course, something, and it’s coming directly from the plaintiff’s browser to you. So this court has already taken sides on that. But even were that not so-

Judge Thomas: This precise issue wasn’t argued in that case.

Lauren Goldman: No, but the court was construing the word intercept under the wire tap act so we would… Positive that’s binding. But even if it weren’t, I want to talk about the first circuit case and the seventh circuit case than I want to talk about Google cookie. So the wire tap act has a specific exception for a party. It says it’s not unlawful for a party to intercept a communication.

Lauren Goldman: In Google cookie, the court was dealing with the exact matters at issue here, not with respect to the promises that were made to the users, but with respect to how get requests work. And the court said, look, all of these communications went directly from the plaintiffs browsers to Google. And so as a result of that, Google was a party to all of the communications it obtained.

Lauren Goldman: That party exception was not at issue in either the first circuit’s decision in Pharmatrack, which contained almost no reasoning, or the seventh circuits decision in the Simkovich case, which was a criminal case where the defendant was accused of having rearranged his boss’s browsers so that all of her emails went directly to him. And the court said, look, that’s an interception any way you look at it. But the court also was not dealing with the party exception.

Lauren Goldman: So to the extent the court thinks that there’s any room here after CONOP, we would urge the court to follow Google cookie which is addressing this same situation. It is much more recent and addresses the party exception. I also want to point out, though, that there would be no reason to get to that, even if plaintiffs meet standing, which we don’t see how they can. There wouldn’t be any reason to get to it because under this court’s decisions in Forrester and Zynga, nothing that was allegedly received here was content.

Lauren Goldman: In Forrester, the court said, a URL about where somebody went on the internet is not the content of a communication, it’s routing information. A, you have no reasonable expectation of privacy in it and B, it’s not content. In Zynga, the court said, we agree with that. We’re applying it to the wire tap act. We think URLs or not content. There’s a bit of dictum in Zynga where the court said, well maybe if there’s search terms that might tell you a little more about the substance of what somebody was doing on the internet. But no search terms are alleged here so that’s not an issue.

Lauren Goldman: So there’s really no reason for the court to wade into any circuit split because as the district court correctly held, there was no content here. We would submit that plaintiff’s contract claims have now been abandoned because they have abandoned any attempt to show that there was any sort of promise, enforceable or non-enforceable, not to track logged out users during the class period which is the period of time when they say we were doing this.

Lauren Goldman: They also have not alleged damages and they haven’t alleged that there was any promise that was actually incorporated into Facebook’s con-

Judge Thomas: Before you sit down, when do you address the theory of unjust enrichment?

Lauren Goldman: Oh sure, your honor. Absolutely. The problem with that theory is that there’s… Unjust enrichment is a theory of damages. It’s not a theory of injury. There’s a difference between injury and damages. Injury is, this happened to me and it was a problem and here’s why I was injured. Damages is the measure of relief for that injury. Plaintiffs are saying that they should be able to recover on an unjust enrichment theory. Now that they have several problems with that. One is that they never pled on unjust enrichment damages because they’re not available for their causes of action.

Lauren Goldman: But the bigger problem is that you can allege an injury by saying somebody else profited. Even before Spokeo courts in this circuit said, you can’t satisfy standing by saying the defendant profited from my data. You have to show that I was worse off. And in fact, plaintiff’s amicus brief makes this very point. They say, unjust enrichment allows a damages theory where the defendant… Where the plaintiff can show that the defendant profited from his property at the plaintiff’s expense.

Lauren Goldman: That’s what the restatement says, that’s what their amicus, Professor Laycock says. There is no allegation of expense here, as the court pointed out. And in any event, even if damages were theoretically available under California law in this theory, which they don’t appear to be, that still would not help plaintiffs get past the hard floor of article three jurisdiction. They still haven’t shown an injury.

Lauren Goldman: Just very quickly, one last point on this. The leap case that the plaintiffs rely on heavily in their reply brief is an excellent example of this. The plaintiff there said that her identity was stolen. The thief bought property with her identity and then the thief disappeared. The property appreciated and she said, I should be entitled to the appreciation because I suffered the serious consequences of identity theft. The court said, yes, you’re right. You suffered serious consequences and so the measure of damages is the appreciated property. That’s how unjust enrichment works. It’s the measure of damages once you’ve shown you’ve been injured, which the plaintiffs have not done here.

Judge Thomas: Thank you.

Lauren Goldman: Thank you, your honor.

David Straight: Thank you, your honors. I’ll be quick on rebuttal. A couple of points. Regarding URLs, whether URLs contain contents. The argument that Facebook is advancing as the exact argument that was advanced by the NSA in the now partially declassified FISA court order that we included with our request for judicial notice. There, the NSA argued that URLs are merely addressing [inaudible 00:29:45] information and not content so that was rejected by the FISA court. URLs can contain content, obviously when they have search terms, but also when they contain similar communications, not just search terms, as this court said in Zynga.

David Straight: In paragraph 185 of the second amended complaint we did actually alleged that search terms were in the URLs that were intercepted, if that’s important to the court. That was actually alleged, but our theory here is broader than that. That URLs beyond mere IP addresses and we can see that a mere IP address might be just routing information, but the full file path, the full URL would be content. A nice discussion of that in the… At least the parts that are declassified in the FISA court order and other litigation.

Judge Smith: Counsel, I want your answer to this question. Opposing counsel indicated that you had abandoned the promise not to take info without consent. What’s your response to that?

David Straight: No, we did not abandon it. Obviously are our primary claims here are the privacy claims and the wiretap claims, the statutory claims, where there was a lack of consent to take the information. But in addition we have the contract claims at the end, they are still alive. The reason I believe that… The question is whether they’re abandoned is because they weren’t addressed in the reply brief because there was nothing new to say. Our third amended complaint does the best-

Judge Smith: Was it raised at some other point in your, in your-

David Straight: Yes, in the opening brief, your honor, and of course it’s pled with particularity in the third amended complaint, paragraphs 57, 62, 65 and 66. These are a number of very clear public representations Facebook made saying we will not track you post log out. Whether or not that qualifies as a contractual promise not to do so is relevant for the contract claim but it’s not relevant for any other claim because there was a disclosure.

Judge Smith: The help center, I think she called it. That’s enough from your perspective?

David Straight: Absolutely. For example, Facebook says in its help center, because you’re not logged into Facebook, we don’t receive your user ID. That is in paragraph 65 of the third amended complaint. In paragraph 66, Facebook says, Facebook cannot track your actions on external sites unless you decide to connect your Facebook account to that site, and so on. In the third amended complaint, these are representations that are made during the class period and not at the end as you just heard. If they are not contractually binding as a promise not to track post log out, they are certainly a representation and that was sufficient for the third circuit in the Nickelodeon Viacom case, and sufficient in the Google case.

David Straight: There is no contract claim in Google cookie placement. There is no contract claim in Viacom Nickelodeon because there was no contract. It was merely a representation in pages very similar to the help center pages here. Facebook made it very clear that they were not tracking post log out. When that became public, it was the biggest privacy scandal of the day, only eclipsed recently with the Cambridge Analytica scandal. The FTC investigated a record 20 years of privacy audits. Congress investigated. The tech press went nuts. This was a very clear-

Judge Thomas: You’re over your time.

David Straight: Yes. Thank you very much for your time.

Judge Thomas: Thank you, counsel.

Judge 2: Case is starting to be submitted for decision.

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link


Share the knowledge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.