Opinion
21-CV-10902 (GHW) (RWL)
12-21-2022
REPORT AND RECOMMENDATION TO HON. GREGORY H. WOODS: MOTION TO DISMISS
Robert W. Lehrburger, United States Magistrate Judge
Plaintiff Michael P. Goodman (“Plaintiff”) seeks damages against Defendant Gila Goodman (“Defendant”), his estranged wife, alleging violations of the Computer Fraud and Abuse Act (“CFAA”) under 18 U.S.C. § 1030, the Electronic Communications Protection Act (“ECPA”) under 18 U.S.C. §§ 2510 et seq., the Stored Communications Act (“SCA”) under 18 U.S.C. §§ 2701 et seq., and various New York and New Jersey common law and statutory claims. Defendant moves to dismiss the complaint pursuant to Federal Rule of Civil Procedure (“Rule”) 12(b)(6) for failure to state a claim, or, in the alternative, to stay the proceedings pending resolution of the state court divorce proceedings. For the following reasons, the Court recommends that the motion be DENIED IN PART and GRANTED IN PART.
BACKGROUND
A. Factual History
As required on a motion to dismiss pursuant to Rule 12(b)(6), the Court takes the facts alleged in the Second Amended Complaint (“SAC,” Dkt. 25) as true and draws all reasonable inferences in favor of Defendant, as the non-moving party.
Morrison v. National Australia Bank Ltd., 547 F.3d 167, 170 (2d Cir. 2008).
Plaintiff and Defendant were married on May 28, 2006 (Dkt. 28-1) and maintained two residences: a beach home in New Jersey (the “New Jersey Residence”) and the marital residence in New York City (the “New York Residence”). (SAC ¶¶ 20-21.) In March 2020, Defendant filed for divorce against Plaintiff in New York County Supreme Court (“State Court”). (SAC ¶ 26.) On March 19, 2020, after serving Plaintiff with divorce papers, Defendant occupied the New Jersey Residence where Plaintiff had previously left his password protected HP Pavilion All-in-One Computer (the “Computer”). (SAC ¶¶ 17, 22, 27.)
The parties' Marital Agreement is attached as part of Exhibit A to Defendant's counsel Jay Lefkowitz's Declaration in Support of Defendant's Motion to Dismiss. (Dkt. 28-1.).
The parties' Divorce Petition is attached as Exhibit A to Defendant's counsel Jay Lefkowitz's Declaration in Support of Defendant's Motion to Dismiss. (Dkt. 28-1.).
On April 4, 2020, Defendant emailed Plaintiff asking for permission to use his Computer. Plaintiff denied the request. (SAC ¶¶ 29-30.) Defendant nonetheless gained access to the Computer with the help of her son-in-law, Jack Kassin. (SAC ¶ 96.) Defendant maintained a list of passwords and number combinations previously used by Plaintiff. (SAC ¶ 102.) Kassin, acting on Defendant's behalf, tried to gain access to the Computer by entering the list of passwords. None worked. (SAC ¶¶ 103-104.) Kassin then enabled the Computer's PIN Sign On feature and entered the number combinations on Defendant's list until he found one that granted access. (SAC ¶¶ 105-106.) Plaintiff alleges he never shared his PIN. (SAC ¶¶ 94-95.)
Shortly after May 28, 2020, Plaintiff demanded the Computer be returned to him. (SAC ¶ 34.) Defendant returned the Computer nearly a month later. (SAC ¶¶ 37-38.) Plaintiff then immediately sent the Computer to a computer forensic examiner, who examined the Computer and produced a report. (SAC ¶ 39.)
The report provided by Plaintiff's forensic examiner and referenced repeatedly in the SAC is attached as Exhibit B to Defendant's counsel Jay Lefkowitz's Declaration in Support of Defendant's Motion to Dismiss. (Dkt. 28-2.).
Among other things, the forensic examiner determined the following. Between March 19, 2020 and June 23, 2020, Defendant, or those acting on her behalf, repeatedly accessed the Computer and extracted and downloaded data, emails, and other electronic information stored on the Computer's hard drive. (SAC ¶¶ 43-46, 54, 57.) The Computer's password was changed and several “third-party utilities,” like “ostpstviewer.exe,” “outlookviewer.exe,” and “kernloutlookpstviewer.exe,” were installed and run. (SAC ¶¶ 48, 51.) On June 15, 2020, data was extracted from the Computer's hard drive on three separate occasions. (SAC ¶ 54.) After the extractions were complete, an “uninstaller” program was run on the Computer to conceal the installation and use of the extraction software. (SAC ¶¶ 55-56.)
Other potential users include Ms. Goodman's daughter, Naomi Dweck, and her son-inlaw, Kassin. (SAC ¶ 28.).
Between April 25, 2020 and June 16, 2020, a user, who Plaintiff contends is Defendant, performed the following actions on the Computer: (1) visited the Nest home system and Chase banking websites; (2) searched for “icloud login” and visited the Apple iCloud website immediately afterwards; (3) attempted to gain access to Plaintiff's Sotheby's account; (4) visited the login page for the New Jersey Appeal Filing System and the Robin Zendell & Associates' website; (5) visited a “Launch Meeting” page on Zoom; (6) visited the Delaware Courts' website and viewed legal filings related to a case involving Defendant's ex-husband; (7) visited various websites offering software solutions for viewing Outlook email archive files, downloaded a number of such programs, and provided payment to at least one software solution company; (8) accessed a partially-filled “Divorce Intake Form” on a legal case management website that had the Plaintiff's name listed in the “Full Name” field and; (9) visited an invoice summary page for a network equipment installation company. (SAC ¶¶ 57(a)-(h).)
In addition to accessing electronic information stored on the Computer's hard drive, Plaintiff also alleges “[u]pon information and belief” that Defendant had access to his Outlook Exchange Service and, from March 2020 to November 2020, intercepted, accessed, downloaded, and observed his emails and other incoming electronic communications. (SAC ¶¶ 63-64.) “Upon [Plaintiff's] information and belief,” Defendant was able to access, read, download, and delete Plaintiff's emails before they synced to Plaintiff's devices or were received, opened, or read by Plaintiff himself. (SAC ¶¶ 65-67.)
Even though the Computer and its power supply was returned by June 29, 2020 (SAC ¶¶ 37-38), Plaintiff alleges that he was not able to change his Outlook Exchange login credentials until November 2020. (SAC ¶ 63.).
Plaintiff also alleges that Defendant surreptitiously recorded his telephone conversations. In particular, at or around 4:30 p.m. on June 5, 2020, Plaintiff was on the phone and pacing back-and-forth in the New York Residence by the front door of his apartment. (SAC ¶¶ 138, 142, 145.) While Plaintiff spoke with his attorney and his Rabbi, among others, Defendant knelt outside of the front door, out-of-sight, and recorded Plaintiff's calls with her iPhone. (SAC ¶¶ 139-41, 143-44.)
B. The State Court Action
State Court divorce proceedings between the parties began on March 12, 2020 and remain ongoing. (SAC ¶ 26.) In her May 27 and May 28, 2020 submissions to the State Court, Defendant attached dozens of Plaintiff's private emails that Plaintiff had not previously shared with her and that Plaintiff suspects were downloaded from the Computer. (SAC ¶¶ 31-33.) In a June 16, 2020 letter sent via her attorney, however, Defendant claimed that she had turned the Computer off following the parties' initial separation in March 2020. (SAC ¶ 36.)
The state divorce proceeding between the parties is Gila Goodman v. Michael P. Goodman, New York County Supreme Court Index No. 302173/2020.
On November 17, 2020, the State Court ordered Defendant to produce all original copies of Plaintiff's papers, any fixed or portable hard drives that she had in her possession, and any information regarding “her purchase and/or use of any program, software, or modality, used by [Defendant], or at her direction or authorization, to obtain [Plaintiff's] communications and information without his knowledge or authorization.” (SAC ¶¶ 74, 116.) On that same day, the State Court also ordered Defendant to turn over her “iPhone(s), as well as any such computing devices [that] hold or held communications and information belonging to [Plaintiff] and that were obtained by [Defendant] herself ... without [Plaintiff's] knowledge or authorization.” (SAC ¶ 150.) Defendant produced 204 pages of physical printouts of documents and information, together with a one terabyte standalone drive that included over 350,000 emails and “ostpstviewer.exe” software. (SAC ¶¶ 75, 77.) Although Defendant represented to the State Court that she had fully complied with the Court's order, she did not produce additional devices Plaintiff believes to be in her possession. (SAC ¶¶ 117-18.) Defendant also did not produce her cellphone. (SAC ¶ 151.)
On December 2, 2020, Plaintiff saw Defendant and her assistant carrying a large desktop computer out of Defendant's New York City home office, a space the parties jointly own in the same building as the New York Residence. (SAC ¶ 119.) On January 26, 2021, the State Court authorized Plaintiff to make a one-hour inspection of Defendant's home office. (SAC ¶ 120.) During his inspection, Plaintiff saw numerous computing devices that Defendant had not included in her production responding to the State Court's November 17, 2020 Order. (SAC ¶ 121.) On or about February 21, 2021, Plaintiff learned of more devices - another computer and two Dell laptops, purchased in or about April 2020 and May 2020 respectively - that Defendant had withheld from her prior production. (SAC ¶¶ 122-23.)
Regarding the laptops, Plaintiff alleges the following facts “upon information and belief.” The laptop purchased in April 2020 was bought for Defendant's assistant. It has not been turned over to Defendant's counsel as so-ordered by the State Court on November 17, 2020. (SAC ¶ 124.) The laptop purchased in May 2020 was acquired in order to download the contents of the Computer before Defendant returned it to Plaintiff. (SAC ¶ 125.)
According to Defendant's attorney, the May 2020 laptop, onto which Defendant's emails were copied, was not initially turned over to the State Court because it belonged to Defendant's son-in-law and Defendant had only previously borrowed it. (SAC ¶¶ 12627.) However, Defendant's son-in-law had to ask Defendant for the password to unlock the May 2020 laptop since he did not know it himself. (SAC ¶128.) Defendant claims her emails inadvertently synchronized to the laptop while she was borrowing it. Yet, in other statements and submissions to the State Court, Defendant stated that she authorized her assistant to export her emails to the laptop and claimed that it was her son-in-law's idea to export 350,000 files from the Computer to the Cloud. (SAC ¶¶ 127-28, 130.) On April 21, 2021, Defendant's son-in-law turned the May 2020 laptop over to the State Court pursuant to a so-ordered subpoena. (SAC ¶ 131.) Defendant demanded that her attorney wipe all emails from the laptop before any examination of the device commenced. (SAC ¶ 132.)
Defendant also ordered the removal and destruction of other servers, computers, and electronic devices from her home office. (SAC ¶¶ 133-34.) These devices included an email server Defendant used from 2005 to 2015, identified as evidence in the parties' State Court divorce proceedings. (SAC ¶ 135.)
In a May 2021 affidavit submitted to the State Court, Defendant admitted to accessing and using the Computer between March 19, 2020 and May 8, 2020 in order to “prepare inventories of our marital collections of jewelry, art[,] and valuables[.]” (SAC ¶ 88.) During a February 16, 2022 State Court hearing, Defendant again produced documents that Plaintiff believes could only have obtained from the Computer and that had not been disclosed in Defendant's prior responses. (SAC ¶ 78.)
State Court proceedings are ongoing. According to Plaintiff, the State Court will evaluate Plaintiff's state law discovery remedies for Defendant's violations and “[Defendant's] purloining of [Plaintiff's] privileged, private and confidential information.” (Pl. Mem. at 20.) The State Court will make determinations on issues related to the dissolution of the parties' marriage, including splitting up the parties' assets, of which the Computer is one. (Pl. Mem. at 20-21.) Defendant has also raised defenses of joint ownership of property and authorization of use regarding the Computer in the State Court action. (Def. Mem. at 22.) The State Court judge noted in a December 14, 2020 hearing that “whether [Defendant] had a PIN and whether [Plaintiff] knew she had a PIN all along” was a “big part” of determining the nature of the Computer. (Def. Mem. at 2223 (citing a transcript from the State Court proceedings not submitted in the instant action).
“Pl. Mem.” Refers to the Memorandum of Law in Opposition to Defendant's Motion to Dismiss the Second Amended Complaint or Alternatively, to Stay at Dkt. 29.
Plaintiff does not dispute that Defendant has raised these defenses in the underlying proceeding.
“Def Mem.” Refers to the Memorandum of Law in Support of Defendant Gila Goodman's Motion to Dismiss the Second Amended Complaint or Alternatively, to Stay at Dkt. 27.
Plaintiff does not dispute that the State Court has identified these issues.
C. The Instant Action
Nearly two years after Defendant initiated State Court divorce proceedings, Plaintiff filed the initial Complaint in the instant action on December 20, 2021 (Dkt. 1) and the SAC on May 26, 2022 (Dkt. 25.) The SAC alleges nine causes of action - three federal claims under the CFAA, ECPA, and the SCA; three claims under New York common law; and three claims under New Jersey statutory and common law. On June 16, 2022, Defendant filed her motion to dismiss, which is now fully briefed. (Dkt. 26.) The matter has been referred to me for report and recommendation. (Dkt. 3.)
LEGAL STANDARDS
A. Rule 12(b)(6) Motion to Dismiss Standards
To survive a Rule 12(b)(6) motion, a complaint must plead “enough facts to state a claim to relief that is plausible on its face.” Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 570, 127 S.Ct. 1955, 1974 (2007). A claim is facially plausible when the factual content pleaded allows a court “to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Ashcroft v. Iqbal, 556 U.S. 662, 678, 129 S.Ct. 1937, 1949 (2009). “Where a complaint pleads facts that are ‘merely consistent with' a defendant's liability, it ‘stops short of the line between possibility and plausibility of “entitlement to relief.”'” Id., 129 S.Ct. at 1949 (quoting Twombly, 550 U.S. at 557, 127 S.Ct. at 1966).
In considering a motion to dismiss for failure to state a cause of action, a district court must “accept[ ] all factual claims in the complaint as true, and draw[ ] all reasonable inferences in the [non-moving party's] favor.” Lotes Co. v. Hon Hai Precision Industry Co., 753 F.3d 395, 403 (2d Cir. 2014) (internal quotation marks omitted). This tenet, however, is “inapplicable to legal conclusions. Threadbare recitals of the elements of a cause of action, supported by mere conclusory statements, do not suffice.” Iqbal, 556 U.S. at 678, 129 S.Ct. at 1949. Rather, the complaint's “[f]actual allegations must be enough to raise a right to relief above the speculative level, ... i.e., enough to make the claim plausible.” Arista Records LLC v. Doe 3, 604 F.3d 110, 120 (2d Cir. 2010) (internal quotation marks omitted). A complaint is properly dismissed where, as a matter of law, “the allegations in [the] complaint, however true, could not raise a claim of entitlement to relief.” Twombly, 550 U.S. at 558, 127 S.Ct. at 1966.
When deciding a motion to dismiss pursuant to Rule 12(b)(6), a court generally is confined to the facts alleged in the complaint. See Cortec Industries, Inc. v. Sum Holding L.P., 949 F.2d 42, 47 (2d Cir. 1991). A court may, however, consider additional materials, including documents attached to the complaint, documents incorporated into the complaint by reference, matters of which judicial notice may be taken, public records, and documents that the plaintiff either possessed or knew about, and relied upon, in bringing the suit. Kleinman v. Elan Corp., plc, 706 F.3d 145, 152 (2d Cir. 2013). In that regard, if “a document relied on in the complaint contradicts allegations in the complaint, the document, not the allegations, control, and the court need not accept the allegations in the complaint as true.” Poindexter v. EMI Record Group Inc., No. 11-CV-559, 2012 WL 1027639, at *2 (S.D.N.Y. March 27, 2012) (citing Barnum v. Millbrook Care Limited Partnership, 850 F.Supp. 1227, 1232-33 (S.D.N.Y. 1994)).
DISCUSSION
Plaintiff alleges nine causes of action, three of which are federal claims. (Dkt. 25.) Defendant argues that each federal claim is insufficiently pled under Rule 12(b)(6). Alternatively, Defendant urges the Court to abstain from exercising jurisdiction and stay the claims pursuant to the Colorado River doctrine. Plaintiff responds that the SAC sufficiently pleads each cause of action and that the requirements for abstention have not been met.
The discussion below addresses the purported causes of action in turn: first the CFAA claim, then the ECPA claim, followed by the SCA claim, and then the state law claims. The Court concludes that the CFAA claim should be dismissed because Plaintiff fails to sufficiently plead the $5,000 threshold of damage or loss required by the statute. The ECPA claim, insofar as it concerns Defendant accessing Plaintiff's emails, should be dismissed because the SAC does not sufficiently plead Defendant's “contemporaneous interception” of Plaintiff's email. The only federal claim which should not be dismissed is Plaintiff's claim under the ECPA related to Defendant's surreptitious recording of Plaintiff's phone calls. The SCA claim should be dismissed because the Computer does not qualify as a “facility” under the statute. As for Plaintiff's state law claims, principles of supplemental jurisdiction warrant dismissal because the state law claims pertain solely to the Computer and email issues - the subject of all federal claims being dismissed - not recording of Plaintiff's phone calls, which is the subject of the only federal claim that should not be dismissed. Finally, although the parties are actively engaged in litigating Defendant's information-gathering tactics in the state court divorce proceedings, the two actions are not sufficiently parallel to warrant the Court's abstention from considering the lone remaining federal claim.
I. The Computer Fraud and Abuse Act Claim
Simply put, the CFAA is “a scheme aimed at preventing the typical consequences of hacking.” Van Buren v. United States, __ U.S. __,__,141 S.Ct. 1648, 1660 (2021) (internal quotations and citation omitted). It subjects to criminal liability “[w]hoever ... intentionally accesses a protected computer without authorization or exceeds authorized access, and thereby obtains . information from any protected computer.” 18 U.S.C. § 1030(a)(2)(C). The CFAA also authorizes civil action against “[w]hoever knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorization, and by means of such conduct furthers the intended fraud and obtains anything of value” causing a “loss to 1 or more persons during any 1-year period ... aggregating at least $5,000 in value.” 18 U.S.C. §§ 1030(a)(4), (g). A “protected computer” is “a computer . which is used in or affecting interstate or foreign commerce or communication.” 18 U.S.C. § 1030(e)(2). Notably, “[t]he scope of the civil actions permitted under [CFAA] . has always been limited.” Hancock v. County of Rensselaer, 882 F.3d 58, 62 (2d. Cir. 2018).
Plaintiff asserts that he is and has always been the sole owner of the Computer and that Defendant's repeated unauthorized access violated the CFAA. (SAC ¶¶ 18, 20, 91.) According to Plaintiff, Defendant's downloading of an “uninstaller program” to hide her access, along with her failure to turn over devices pursuant to the State Court's orders, demonstrates an intent to deceive. (SAC ¶ 155.) Additionally, actions Plaintiff took to investigate Defendant's unauthorized access, including hiring a forensic investigator and paying court fees, allegedly resulted in losses exceeding the statutory minimum of $5,000. (SAC ¶ 160.)
Defendant argues that Plaintiff's claim should be dismissed because Plaintiff fails to: (1) allege the type of damage encompassed by the CFAA and quantify losses to meet the CFAA's $5,000 threshold; (2) adequately demonstrate that Defendant had an intent to defraud; and (3) plausibly plead the Defendant did not have the authority to access the Computer. (Def. Mem. at 5-10.)
The Court agrees that the SAC fails to adequately allege that Plaintiff incurred losses greater than $5,000 under the CFAA. Because this finding is sufficient to dismiss Plaintiff's CFAA claim, the Court does not address Defendant's other arguments. See Better Holdco, Inc. v. Beeline Loans, Inc., No. 20-CV-8686, 2021 WL 3173736, at *3 (S.D.N.Y. July 26, 2021) (“Because the Court agrees that the Amended Complaint must be dismissed because it does not allege any ‘loss' as defined by the CFAA, it does not address [Defendant's] other arguments”).
A. Relevant Law
“Any person who suffers damage or loss by reason of a violation of [the CFAA] may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief... only if the conduct involves 1 of the factors set forth in” 18 U.S.C. § 1030(c)(4)(A)(i)(I)-(V); id. § 1030(g). Plaintiff exclusively argues that he has sustained losses due to Defendant's accessing of, and the resulting harm to, the Computer and its data. As a result, the only factor implicated here is (I), which requires “loss to 1 or more persons during any 1-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only, loss resulting from a related course of conduct affecting 1 or more other protected computers) aggregating at least $5,000 in value.” 18 U.S.C. § 1030(c)(4)(A)(i)(I). A plaintiff suing under factor (I) must plead either damage or loss greater than $5,000. See Register.com, Inc. v. Verio, Inc., 356 F.3d 393, 439 (2d Cir. 2004) (“[w]e agree with the (near) unanimous view that any civil action under the CFAA involving damage or loss must satisfy the $5,000 threshold” (internal quotations and citations omitted)); Seltzer v. Clark Associates LLC, No. 20-CV-4685, 2021 WL 396633, at *2 (S.D.N.Y. Feb. 4, 2021) (dismissing CFAA claim where plaintiff did not “plausibly plead damage or loss in excess of $5,000 resulting from the impairment of their computer system, programs, and files”); LivePerson, Inc. v. 24/7 Customer, Inc., 83 F.Supp.3d 501, 513 (S.D.N.Y. 2015) (“[t]o state a private claim under the CFAA, a plaintiff must plead damage or loss in excess of $5,000”).
The CFAA defines “damage” as “any impairment to the integrity or availability of data, a program, a system, or information.” 18 U.S.C. § 1030(e)(8). “Loss” is defined as “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” 18 U.S.C. § 1030(e)(11). Absent a “Second Circuit opinion[] construing [the definition of damage and impairment],” integrity and impairment have been interpreted in this District according to “their ordinary meanings.” United States v. Yucel, 97 F.Supp.3d 413, 420 (S.D.N.Y. 2015). Impairment, for example, has been understood to be the “deterioration; injurious lessening or weakening,” id. (quoting the Oxford English Dictionary (2d ed. Online version June 2012), of a computer or data systems' integrity or “soundness.” Id. (quoting the Oxford English Dictionary (2d ed. Online version Sept. 2014).)
In 2021, the Supreme Court clarified that “[t]he statutory definitions of ‘damage' and ‘loss' ... focus on technological harms - such as the corruption of files - of the type unauthorized users cause to computer systems and data.” Van Buren, __ U.S. at,141 S.Ct. at 1660. “Both before and after the Supreme Court's decision in Van Buren, ‘courts in this District [have] interpreted the CFAA to require “loss” related to damage or impairment of the target computer itself.'” Rekor Systems, Inc. v. Loughlin, No. 19-CV-7767, 2022 WL 789157, at *11 (S.D.N.Y. March 14, 2022) (quoting El Olmari v. Buchanan, No. 20-CV-2601, 2021 WL 5889341, at *14 (S.D.N.Y. Dec. 10, 2021)). The Court now turns to assessing whether the SAC sufficiently pleads the type of “damage” recognized by the CFAA.
B. Plaintiff Has Not Adequately Alleged Damage To The Computer
Plaintiff argues that Defendant damaged the Computer by changing its passwords, thus preventing him from accessing the device (SAC ¶ 50); installing third-party utilities which extracted data and “interfered with the Computer's functioning and data” (Pl. Mem. at 3; SAC ¶¶ 51, 54-56, 60); and deleting data from the Computer. (SAC ¶ 158.) He states that he “incurred substantially over $5,000 in ‘losses' investigating the extent of the ‘damages' caused by [Defendant's] unauthorized access and hacking, and responding to them in the divorce proceeding.” (Pl. Mem. at 4; see also SAC ¶ 160.) But whether certain costs can be properly considered losses incurred responding to an offense requires establishing a “connection between the plaintiff's response and damage to or impairment of the protected device.” Better Holdco, Inc., 2021 WL 3173736, at *4; see also El Omari, 2021 WL 5889341, at *14 (same). Plaintiff has failed to establish that connection.
Although Plaintiff contends that Defendant changing his Computer password functionally impaired him from accessing its systems and data, he does not allege any damage or impairment to the Computer itself. Rather, Plaintiff asserts damages “stem[ming] from [his] own lack of access to the seemingly fully functional [Computer] and unimpaired information.” Nanobeak Biotech Inc. v. Barbera, No. 20-CV-7080, 2021 WL 1393457, at *3 (S.D.N.Y. April 13, 2021.) Again, under the CFAA, the relevant damage or impairment is that “of the target computer itself,” El Omari, 2021 WL 5889341, at *14, the type of technological harms “unauthorized users cause to computer systems and data.” Van Buren, __ U.S. __ at__,141 S.Ct. 1648 at 1660. Merely losing access does not comport with that understanding of damage.
Plaintiff alleges that Defendant extracted, downloaded, and copied his data using programs that harmed the data itself as well as the Computer's functioning. In the SAC, Plaintiff refers to the emails improperly accessed, extracted, and then submitted in the State Court as productions that “[Defendant] had stolen and copied from [Plaintiff's] Computer, together with a 1 TB standalone hard drive ... prepared and produced by [Defendant's] attorneys [that] included over 350,000 stolen emails, and the ... software purchased to . steal . and copy [the emails] to both [Defendant's] Cloud account and at least one of her own laptops.” (SAC ¶¶ 75,77.) However, Plaintiff does not specify how the Computer was actually impaired or if “its systems were otherwise harmed” when Defendant copied and extracted those emails. Better Holdco, Inc., 2021 WL 3173736, at *4.
Similarly, Plaintiff claims that the installation of the third-party programs “interfered with the Computer's functioning and data” without explaining how. (Pl. Mem. at 3.) Nor does the forensic report provide any indication that the third-party utilities downloaded to both effectuate and conceal the extraction technologically harmed the Computer in any way. (See generally Dkt. 28-2; SAC ¶¶ 54-56.) The report states that emails were extracted, but makes no findings that the emails were impaired or that files stored on the Computer were corrupted or altered by the extraction. (See Dkt. 28-2, ¶¶ 28-30, 32-34.) “Plaintiff's CFAA claim might have been proper if, for example, it alleged that [Defendant‘s] access to [the Computer] had damaged the data or the system itself,” but it does not. Schatzki v. Weiser Capital Management, LLC, No. 10-CV-4685, 2012 WL 2568973, at *3 (S.D.N.Y. July 3, 2012).
Finally, Plaintiff pleads that his emails and other data were deleted from the Computer - constituting damage - but those allegations are provided exclusively upon Plaintiff's information and belief and without the support of findings detailed in the forensic report on which the SAC relies. (SAC ¶¶ 65-67). Thus, Plaintiff's pleadings do not adequately assert that Defendant's access inflicted technological harm upon the Computer or caused the “corruption of files” or data stored thereon. Van Buren, __ U.S. __at__,141 S.Ct. 1648 at 1660.
Plaintiff's “upon information and belief” pleading is discussed in full in Sections II and III below.
C. Plaintiff Has Sufficiently Alleged Losses Related To The Forensic Report
Plaintiff's failure to plausibly allege any technological harm to the Computer qualifying as damage under the CFAA does not fully extinguish the viability of his claim under that statute. The CFAA allows recovery for losses “beyond mere physical damage to property ... limited to those costs necessary to assess the damage caused to plaintiff's computer system or to resecure the system in the wake of a hacking attack.” Tyco International (US) Inc. v. John Does 1-3, No. 01-CV-3856, 2003 WL 21638205, at *1 (S.D.N.Y. July 11, 2003). Courts have found that plaintiffs can still meet the loss requirement through a “damage assessment and/or remedial measures, even without pleading actual damage.” Ipreo Holdings LLC v. Thomas Reuters Corp., No. 09-CV-8099, 2011 WL 855872, at *7 (S.D.N.Y. March 8, 2011); accord University Sports Publications Co. v. Playmakers Media Co., 725 F.Supp.2d 378, 387 (S.D.N.Y. 2010) (“the costs of investigating security breaches constitute recoverable ‘losses,' even if it turns out that no actual data damage or interruption of service resulted from the breach”); Nexans Wires S.A. v. Sark-USA, Inc., 319 F.Supp.2d 468, 474 (S.D.N.Y. 2004), aff'd, 166 Fed.Appx. 559 (2d. Cir. 2006) (summary order) (stating that loss is “not limited to the cost of actual repairs” but also encompasses “any remedial costs of investigating the computer for damage, remedying the damage and any costs incurred because the computer cannot function while or until repairs are made”). Qualifying investigations “identify evidence of a breach of computer security, assess any damage it may have caused, and determine whether any remedial measures [are] needed to resecure the network.” Reis, Inc. v. Spring11 LLC, No. 15-CV-2836, 2016 WL 5390896, at *8 (S.D.N.Y. Sept. 26, 2016) (internal quotation marks and brackets omitted).
As alleged, Plaintiff commissioned the forensic report to “investigat[e] and respond[] to [Defendant's] unauthorized access and hacking.” (SAC ¶ 160.) The forensic report itself states that Plaintiff's counsel asked the forensic examiner “to ascertain whether [Plaintiff's] HP desktop computer and his Outlook emails were accessed by his estranged wife [Defendant] without his permission.” (Dkt. 28-2, ¶ 13.) In his briefing, however, Plaintiff disingenuously recasts the investigation's purpose. Rather than an investigation merely to assess unauthorized access (as both the SAC and forensic investigator characterize it), Plaintiff characterizes the investigation as being performed to “investigate and remedy the full extent of [Defendant's] unauthorized hacking,” and an “‘effort[] to identify, diagnose, or address damage to the [Computer].'” (Pl. Mem. at 4 (quoting Better Holdco, Inc., 2021 WL 3173736, at *4).)
That Plaintiff mischaracterized the purpose of the investigation in his brief suggests his own skepticism that an investigation solely to evaluate access to the Computer could be the type of loss covered by the statute. As recognized by the Second Circuit, however, “investigating] ... unauthorized access to [a Computer]” in response to an event, as Plaintiff was doing here, is a “cost[] of ‘conducting a damage assessment'” for CFAA purposes. Saunders Ventures, Inc. v. Salem, 797 Fed.Appx. 568, 570, 572 (2d Cir. 2019) (finding that testimony from the forensic investigator explaining the reason for the investigation as “a concern about a potential unauthorized access” was sufficient “for the jury to have concluded that the purposes of the [] investigation were to identify evidence of a breach, to assess any damage it may have caused, and to determine whether any remedial measures were needed”); see also Zap Cellular, Inc. v. Weintraub, No. 15-CV-6723, 2022 WL 4325746, at *12 (E.D.N.Y. Sept. 19, 2022) (holding that “losses associated with investigations [should not be read] too narrowly” and quoting Saunders in finding that plaintiff's investigations, prompted by defendant's breach of plaintiff's computers and servers, into unauthorized actions on the computer system were losses under the CFAA); compare with Reis, 2016 WL 5390896, at *9 (finding that “the unauthorized accessing of [the] Database - standing alone - [did not] constitute[] a ‘loss' that causes ‘damage'” and that the costs of plaintiffs' investigation focused solely on identifying and “locating and collecting information about the hacker,” without “any effort to investigate damage done to [the] computer system,” was “not recoverable under the CFAA” (internal quotations and citation omitted)). The SAC thus plausibly pleads that the forensic investigation was a cognizable loss under the CFAA.
D. Plaintiff's Legal Fees Are Not Losses Under The CFAA
Although costs associated with the forensic investigation fall within the losses recognized by the CFAA, Plaintiff's losses related to court and legal fees paid in litigating the divorce proceeding are not the type of losses contemplated by the CFAA. The SAC does not detail how the alleged legal fees were expended beyond asserting that the divorce proceedings were “considerably extended as a result of [Defendant's] unauthorized access and hacking.” (SAC ¶ 160.)
The Second Circuit has not spoken on whether litigation-related expenses qualify as losses under the CFAA. However, several district courts nationwide, including in this District, have held that they do not. See, e.g., Dreni v. PrinterOn America Corp., 486 F.Supp.3d 712, 736 (S.D.N.Y. 2020) (finding “litigation expenses,” including storage fees for affected laptops, “too far removed from the forensic assessment to constitute ‘losses' under the CFAA”); Brooks v. AM Resorts, LLC, 954 F.Supp.2d 331, 338 (E.D. Pa. 2013) (“litigation costs are not a compensable loss under the CFAA because they are not related to investigating or remedying damage to the computer”); First Mortgage Corp. v. Baser, No. 07-C-6735, 2008 WL 4534124, at *3 (N.D. Ill. April 30, 2008) (holding that “costs unrelated to the computer itself, such as litigation expenses ... do not qualify”); Wilson v. Moreau, 440 F.Supp.2d 81, 110 (D.R.I. 2006) (finding that “as a matter of law, the costs of litigation cannot be counted towards the $5,000 statutory threshold”).
One district court has further held that litigation costs incurred in litigation separate from the action brought to assert the CFAA claim also do not qualify as CFAA-recognized losses. See Healthcare Advocates, Inc. v. Harding, Earley, Frollmer & Frailey, 497 F.Supp.2d 627, 646-48 (E.D. Pa. 2007). There, the court found that “other costs incurred by [plaintiff]” in the underlying trademark infringement litigation between plaintiff and a competitor firm represented by defendant “such as litigation expenses, attorney's fees, and the costs of hiring experts ... cannot be counted toward the statutory threshold.” Id. at 647. Similarly, here, Plaintiff does not claim as losses the costs of the instant litigation but rather of additional costs incurred in the divorce proceedings resulting from Defendant's use of emails obtained from the Computer. Regardless of that distinction, losses sustained “responding to [damages caused by Defendant's hacking] in the divorce proceeding” (Pl. Mem. at 4) are distinct from efforts to identify, diagnose, or address damage caused to the Computer and are not losses recognized by the CFAA. See Better Holdco, Inc., 2021 WL 3173736, at *4 (stating that expenses incurred in “an investigation - particularly one led by counsel - into the extent of any misappropriation of confidential information is not a ‘cost of responding to an offense' because it is not done to identify, investigate, or remedy any covered damage”).
In addition to “reasonable cost[s] . of responding to an offense,” the CFAA's definition of loss also encompasses costs associated with “any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” 18 U.S.C. § 1030(e)(11). Plaintiff's legal fees, however, are not lost revenue or costs incurred because of an interruption of service. Rather, Plaintiff expended legal fees in his divorce proceeding to address Defendant's use of information obtained from the Computer. (See SAC ¶¶ 74-78, 119-23, 157-58)
As further support of his loss, Plaintiff alleges that Defendant introduced the information she obtained from the Computer in the divorce proceeding “for her own gain” and “in order to seek a larger share of [Plaintiff's] imagined wealth.” (SAC ¶ 158.) But “[l]oss of one's competitive advantage is not ‘damage' or ‘loss' covered by the statute.” Better Holdco, Inc., 2021 WL 3173736, at *4. And, although, as alleged, Plaintiff has incurred greater legal costs because of Defendant's behavior in the divorce proceedings, those costs do not amount to lost revenue under the CFAA. See Nexans, 319 F.Supp.2d at 477 (deciding that lost revenue from an interruption of service would be a covered “loss” but “lost money because ... of the way the information was later used by defendants” would not be); Civic Center Motors, Ltd. V. Mason Street Import Cars, Ltd., 387 F.Supp.2d 378, 381-82 (S.D.N.Y. 2005) (citing Nexans to find that “plaintiffs . lost profits resulting from defendant's unfair competitive edge” was not compensable under the CFAA because it was not “the result of computer impairment or computer damage”).
In short, because Plaintiff does not claim to have lost money “because [the Computer was] inoperable” or otherwise impaired “but rather because of the way the information was later used by [Defendant],” legal fees incurred in the divorce proceedings are not cognizable as losses under the CFAA. Nexans, 319 F.Supp.3d at 477.
E. Plaintiff Has Failed To Sufficiently Quantify His Losses Under The CFAA
As the foregoing analysis demonstrates, the only cognizable loss alleged by Plaintiff in the SAC is the expense associated with his forensic investigation of the Computer. If Plaintiff incurred $5,000 or more in expenses associated with that investigation, he could plausibly assert sufficient loss under the CFAA. But the SAC fails to do so. The SAC does not allocate costs incurred associated with the investigation versus those expended as legal fees in the underlying divorce proceeding.
Although the CFAA does not impose a heightened pleading standard, “courts within this District have dismissed CFAA claims for failing to sufficiently quantify damages.” Law Firm of Omar T. Mohammedi, LLC v. Computer Assisted Practice Electronic Management Solutions, No. 17-CV-4567, 2019 WL 3288390, at *7 (S.D.N.Y. July 22, 2019). Courts similarly have dismissed vague complaints that allege general harm, damage, and loss. Deutsch v. Human Resource Management, Inc., No. 19-CV-5305, 2020 WL 1877671, at *4 (S.D.N.Y. April 15, 2020) (dismissing as conclusory plaintiff's allegation that destruction of her property caused more than $5,000 in loss absent an assertion of “what costs she incurred”); Fink v. Time Warner Cable, No. 08-CV-9628, 2009 WL 2207920, at *4 (S.D.N.Y. July 23, 2009) (dismissing complaint that merely alleged that defendants “cause[d] damage by impairing the integrity or availability of data and information”). In contrast, where plaintiffs “connected [their] expenses to a recognized form of loss under the CFAA,” they have been permitted to proceed with their claims. BCRS1, LLC v. Unger, No. 20-CV-4246, 2021 WL 3667094, at *3 (E.D.N.Y. Aug. 18, 2021).
The SAC obfuscates the actual fees incurred with the forensic investigation by conflating those costs with the additional legal fees incurred in the divorce proceedings. For example, the SAC alleges that Plaintiff incurred losses exceeding $5,000 “for investigating and responding to Ms. Goodman's unauthorized access and hacking (cost of forensic analysis) as well as additional legal and court fees incurred in the divorce proceeding.” (SAC ¶ 160 (emphasis added).) In his response to Defendant's Motion to Dismiss, Plaintiff reaffirms that he “incurred substantially over $5,000 in ‘losses' investigating the extent of the ‘damages' caused by [Defendant's] unauthorized access and hacking, and responding to them in the divorce proceeding.” (Pl. Mem. at 4 (emphasis added).) Nowhere does Plaintiff quantify the costs associated with the portion of his alleged losses that actually qualify as cognizable loss under the CFAA. Absent a more specific attribution, the Court cannot determine from the SAC if costs expended by Plaintiff on the forensic investigation - losses appropriately connected to the CFAA - are alone sufficient to meet the $5,000 threshold. See Dreni, 486 F.Supp.3d at 735 (“Failure to specify what portions of expenses are tied to the alleged loss can be fatal to a CFAA claim”); Bose v. Interclick, Inc., No. 10-CV-9183, 2011 WL 4343517, at *4 (S.D.N.Y. Aug. 17, 2011) (finding plaintiff failed to “make any specific allegation as to the cost of repairing or investigating the alleged damage to her computer”). Accordingly, Plaintiff has failed to sufficiently allege his CFAA claim. The CFAA claim therefore should be dismissed pursuant to Rule 12(b)(6) for failure to state a claim.
II. The Electronic Communications Protection Act Claim
Any person who “intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication” violates the ECPA. 18 U.S.C. § 2511(1)(a). The ECPA also includes a civil right of action for “any person whose wire, oral, or electronic communication is intercepted, disclosed, or intentionally used.” 18 U.S.C. §2520(a).
Plaintiff alleges Defendant violated the ECPA first by intercepting his emails and second by recording his private phone conversations on June 5, 2020. Defendant argues both ECPA causes of action should be dismissed or, alternatively, stayed. According to Defendant, Plaintiff's claims fail, first, because he did not adequately plead that Defendant contemporaneously intercepted his email communications and, second, because the recording allegations are exempt under the interspousal exception to the ECPA. Defendant is half right. Plaintiff has not sufficiently plead Defendant's contemporaneous interception of his email necessary to support an ECPA claim. In contrast, Plaintiff has plausibly alleged that Defendant's recording of Plaintiff's phone calls violated the ECPA, and the interspousal exception does not apply.
B. No Contemporaneous Interception Of Email
The SAC fails to sufficiently plead an ECPA claim with respect to Defendant's accessing Plaintiff's email. That is because the pleading fails to plausibly allege the requisite element of contemporaneous interception.
The ECPA defines “intercept” as “the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.” 18 U.S.C.§ 2510(4). Courts have construed “intercept” narrowly “to require that the interception of an electronic communication be contemporaneous with the transmission of that communication.” Tantaros v. Fox News Network, LLC, No. 17-CV-2958, 2018 WL 2731268, at *7 (S.D.N.Y. May 18, 2018); see also Zaratzian v. Abadir, No. 10-CV-9049, 2014 WL 4467919, at *6 (S.D.N.Y. Sept. 2, 2014) (“Although no such requirement appears explicitly in the Act, several circuit courts of appeals have concluded on the basis of statutory interpretation and legislative history that an interception of an electronic communication must be ‘contemporaneous' with the transmission of the communication to violate Section 2511); Snyder v. Fantasy Interactive, Inc., No. 11-CV-3593, 2012 WL 569185, at *2 (S.D.N.Y. Feb. 9, 2012) (“Courts addressing the meaning of ‘intercept' narrowly define it to include only ‘acquisitions of communication contemporaneous with transmission, not storage'” and ”[w]hile the Second Circuit has not addressed this issue, the ... reason for maintaining the narrow definition is sound, and this Court adopts it”) (internal citations omitted); Pure Power Boot Camp, Inc. v. Warrior Fitness Boot Camp, LLC, 759 F.Supp.2d 417, 430 (S.D.N.Y. 2010) (“[t]he reasoning behind [requiring contemporaneous interception for electronic communications] is based on the distinction in the statutory definitions of wire communication and ‘electronic communication, the latter of which does not include electronic storage. This difference in definition indicates Congress' intent that one could intercept a wire communication in storage, but could not intercept a similarly situated electronic communication”) (internal quotation marks and citations omitted).
Plaintiff alleges two separate types of interception of his emails by Defendant: (1) accessing Plaintiff's emails before they synced to his devices, and (2) accessing, reading, downloading, and/or deleting emails that had been received but not yet opened or read by Plaintiff. (SAC ¶¶ 63-67, 166-71.) According to Plaintiff, Defendant inappropriately obtained and changed his Outlook Exchange Server login credentials, permitting her to view, monitor, and delete incoming and received emails. (SAC ¶ 62.) In respect to both alleged types of interception, Plaintiff must adequately plead that Defendant's interception was contemporaneous with transmission. He has not. Allegations in support of both of Plaintiff's claims lack the specificity of Plaintiff's other allegations concerning Defendant's access to the Computer and unauthorized activity conducted thereon. (Compare SAC ¶¶ 63-67 with ¶¶ 48, 51-57.) Indeed, Plaintiff pleads facts only “upon information and belief” to support his claims that Defendant accessed his emails both before they synced to his devices and once they had been received but before they were opened or read by Plaintiff. (See SAC ¶¶ 65-67, 166-71.)
Pleading on information and belief is permitted if the facts in question are “peculiarly within the possession and control of the defendant or where the belief is based on factual information that makes the inference of culpability plausible.” Citizens United v. Schneiderman, 882 F.3d 374, 384-85 (2d Cir. 2018) (quoting Arista Records, 604 F.3d at 120). But “[a] litigant cannot merely plop ‘upon information and belief' in front of a conclusory allegation and thereby render it non-conclusory,” Citizens United, 882 F.3d at 384, particularly “when a plaintiff can acquire at least some information that would connect a defendant to the alleged wrongdoing.” Zeitlin v. Palumbo, 532 F.Supp.3d 64, 69 (E.D.N.Y. 2021) (citing Rosenfeld v. Lenich, 370 F.Supp.3d 335, 349 (E.D.N.Y. 2019) (quoting Citizens United, 882 F.3d at 385)). Still, determining plausibility requires contextspecific analysis; “there is no ‘fatal combination,' of magic words ... that makes a complaint deficient.” New York v. Town of Clarkstown, 95 F.Supp.3d. 660, 680 (S.D.N.Y. 2015)..
Had a cause of action been sufficiently plead, Defendant's interception of emails transiting through Plaintiff's Outlook Exchange Server would be a violation of the ECPA. But Plaintiff has not done so, and the circumstances here do not render this “otherwise unsupported claim[] plausible.” Citizens United, 882 F.3d, at 384-85. While Defendant undoubtedly knows information about her actions that Plaintiff does not, the salient facts are not peculiarly within the Defendant's possession or control - Plaintiff has both the Computer and login access to his Outlook Exchange Server. (SAC ¶¶ 34, 63). Indeed, Plaintiff already has submitted the Computer for thorough evaluation by a forensic investigator to “ascertain where Plaintiff's HP desktop computer and his Outlook emails were accessed by [Defendant] without his permission.” (Dkt. 28-2, ¶ 13; accord SAC ¶ 40.) Detailed forensic analysis uncovered that the Computer's local hard drive had been accessed and copied and that several non-automatic actions, like attempting to access or accessing websites, were performed. (Dkt. 28-2, ¶¶ 32-35.) The forensic report and the SAC recite a list of those websites, which includes the Chase banking website, a Zoom webpage, and the Apple iCloud website, but not any Microsoft or Outlook homepage. (SAC ¶ 57; Dkt. 28-2, ¶ 35.) Although “various websites offering software solutions for viewing Outlook email archive files such as PSTs and OSTs were visited” and “[a] number of such programs were downloaded to the Computer and at least one provider of such software solutions ... was paid,” there is no mention of access to websites related to the Outlook Server. (Dkt. 28-2, ¶ 35(i).) The forensic report, heavily relied on by Plaintiff in the SAC, establishes that Defendant accessed data, emails, and electronic information stored on the Computer's hard drive. (SAC ¶¶ 51-56, 85; Dkt. 282, ¶¶ 26-27.)
Although the forensic report is replete with facts concerning the unauthorized access of emails locally stored on the Computer's hard drive in Outlook email containers, it asserts no findings that Plaintiff's Outlook Exchange Server or his email account were actually infiltrated and uncovers no evidence of access to emails before syncing. (See Dkt. 28-2 ¶¶ 26-27.) Plaintiff's allegations are sufficient to plead unauthorized access to the Computer and emails at rest on the hard drive but cannot support the contention that Defendant intercepted emails in transit prior to syncing. See Tantaros, 2018 WL 2731268, at *8 (dismissing Plaintiff's ECPA claim since “even if Defendants did, in fact, gain access to Plaintiff's personal computer or Blackberry device, there is no allegation that any communications were intercepted contemporaneously with when they were made”) (emphasis in original).
Plaintiff's allegations regarding email received but not yet read is also inadequately plead. “[C]ourts have struggled with ... whether one can ‘intercept' an e-mail that has already been delivered.” Pure Power Boot Camp v. Warrior Fitness Boot Camp, 587 F.Supp.2d 548, 556 (S.D.N.Y. 2008). Other circuits have found that the ECPA does not apply to electronic communications already delivered. See United States v. Steiger, 318 F.3d 1039, 1048 (11th Cir. 2003) (noting the textual differences between the ECPA's definitions of wire and electronic communications “illustrates Congress' intent that one could ‘intercept' a wire communication in storage, but could not ‘intercept' a similarly situated electronic communication”); Fraser v. Nationwide Mutual Insurance Co., 352 F.3d 107, 113-14 (3d Cir. 2003) (holding that Defendant's access of Plaintiff's emails stored on a central file server did not qualify as an interception under the ECPA because it did not occur contemporaneously with transmission).
The Second Circuit has not ruled definitively on this question, but it has “implied in dictum that it is not persuaded that an interception of a wire or communication can only occur while the communication is in ‘transit.'” In re Trilegiant Corp., Inc., 11 F.Supp.3d 82, 110 (D. Conn. 2014), aff'd sub nom., Williams v. Affinion Group, LLC, 889 F.3d 116 (2d Cir. 2018) (citing Hall v. EarthLink Network, Inc., 396 F.3d 500, 503 n.1 (2d Cir. 2005)). In Hall, the defendant, an internet service provider, terminated the plaintiff's account due to purported abuse. As non-parties continued to send emails to plaintiff at the account, those emails were received and stored by the defendant who eventually forwarded them to the plaintiff. The District Court granted summary judgment dismissing the ECPA claim. The Second Circuit found that no ECPA claim had been established because the defendant came within an ECPA exception for entities that acquired electronic communications in the ordinary course of business. The Court eventually held that the defendant's conduct did not amount to an interception in violation of the ECPA because it occurred within the ordinary course of the defendant's business as an internet service provider. Hall, 396 F.3d at 503-05. In a footnote, the Court rejected the defendant's argument that interception can only occur while a communication is in transit, but distinguished the case from others as one involving “the continued receipt of e-mail messages rather than the acquisition of previously stored electronic communication.” Id. at 503 n.1 (emphasis in original).
Plaintiff contends that Hall's dictum compels a finding here that Defendant's access to e-mails received but not yet read by Plaintiff meets the contemporaneous interception requirement of the ECPA. (Pl. Mem. 11.) The Court does not agree. Even assuming Plaintiff were correct that Hall leaves open the possibility that access to delivered but unread electronic communications could be actionable under the ECPA, the facts pled in the instant case are hardly similar to those in Hall.
That is demonstrated by the explanation of distinguishing facts in Pure Power Boot Camp (“PPBC”), where the defendants alleged that their employer, using a company computer where the defendants' usernames and passwords remained, violated the ECPA by accessing emails stored in defendants' personal email accounts after defendants had quit the company. 587 F.Supp.2d at 552-53. In finding that the employer's conduct did not constitute interception under the ECPA, the Court distinguished PPBC from Hall.
First, unlike the defendant in Hall but like Defendant here, the PPBC defendant was not an internet service provider accessing stored emails in the ordinary course of business. Id., 587 F.Supp.2d at 556-57. Second, and most significantly here, the PPBC Court noted that the emails at issue had already been delivered to the defendants' email accounts and therefore were previously stored electronic communications outside of the ECPA's scope - “precisely the situation which Hall relied upon to distinguish the decisions the defendants relied upon in that case.” Id., 587 F.Supp.2d at 557. Here, Plaintiff alleges - purely on information and belief - that Defendant accessed, read, downloaded, and deleted emails before Plaintiff ever opened or read them, but does not allege that Defendant did so before they were delivered to his internet service provider email account. Thus, Plaintiff has not sufficiently plead the requisite facts to establish contemporaneous interception by Defendant.
While Plaintiff asserts that evaluation of the Computer is ongoing, he has not provided any information to suggest that further examination will specifically focus on access to emails in transit or are likely to substantiate Plaintiff's claims of contemporaneous interception. (See Pl. Mem. at 10, n. 7; Dkt. 28-2, ¶ 41). Since Plaintiff has not provided specific facts to reasonably infer that Defendant intercepted and deleted Plaintiff's emails before they were delivered to his Microsoft Outlook account or opened even after delivery to the account but before they were synced or downloaded, Plaintiff's ECPA claim as to alleged interception of his emails should be dismissed.
C. The Phone Recording And The Interspousal Exception
Defendant argues that even if Plaintiff has sufficiently alleged the elements of an ECPA claim with respect to Defendant's surreptitious phone recording, the claim still fails as a matter of law due to the interspousal exception. The Court disagrees.
Plaintiff's claims are sufficiently stated as to the phone recording. The Complaint makes detailed factual allegations on when, where, and how Defendant recorded his private phone conversations. (SAC ¶¶ 138-51, 172-76.) Plaintiff alleges that, on or about 4:30pm on June 5, 2020, Defendant crouched outside of the front door of the New York Residence and, unseen, recorded Plaintiff's phone conversations with her iPhone. (SAC ¶¶138-51.) Taken as true, these allegations plausibly suggest, in satisfaction of the ECPA's elements, that Defendant willfully and “intentionally use[d] ... [an] electronic, mechanical, or other device to intercept [Plaintiff's] oral communication.” 18 U.S.C. § 2511(1)(b). This interception was also contemporaneous as Defendant allegedly recorded Plaintiff's calls as they occurred. See, e.g., Arias v. Mutual Central Alarm Service, Inc., 202 F.3d 553, 558 (2d Cir. 2000) (analyzing Plaintiffs' complaints stemming “solely on the alleged illegal recording of their telephone conversations, and not on defendant's listening” under Title III since “recording alone can also constitute an aural or other acquisition”) (internal quotation marks and citations omitted); United States v. Rodriguez, 968 F.2d 130, 136 (2d. Cir. 1992) (“It seems clear that when the contents of a wire communication are captured or redirected in any way, an interception occurs at that time”).
Plaintiff's claim is not undone by Defendant's invocation of the interspousal exception. The ECPA prohibits “any person” from intercepting “any communications.” 18 U.S.C. § 2511(1)(a). While the ECPA does contain specific and enumerated exceptions, none extend to interspousal activity. See 18 U.S.C. § 2511(2). Nonetheless, courts in some circuits have read an interspousal exception into the ECPA in cases where a family member listened into and recorded conversations on a phone in the marital home. Those courts concluded that the ECPA should not be extended to spousal wiretaps absent a clear indication of congressional intent. See, e.g., Simpson v. Simpson, 490 F.2d 803, 805 (5th Cir. 1974) (finding the ECPA inapplicable to a case brought by a divorced wife against her ex-husband for recording her communications because the Court believed that “Congress did not intend such a far reaching result, one extending into areas normally left to states, those of the marital home and domestic conflicts”), overruled by Glazner v. Glazner, 347 F.3d 1212 (11th Cir. 2003). They also viewed the interspousal exception as an outgrowth of the statutory extension-phone exception, whereby a person intercepting a family member's telephone conversations by use of an extension phone does not violate the ECPA. See 18 U.S.C. § 2510(5)(a)(i) ; Anonymous v. Anonymous, 558 F.2d 677, 679 (2d. Cir. 1977) (applying the interspousal exception where a divorced wife brought action against her ex-husband for recording her conversations since “the fact that [the husband] here taped the conversations which he permissibly overheard, we find ... to be a distinction without a difference”). “[A]n overwhelming majority of the federal circuit and district courts, [however,] as well as state courts” have refused to find an exception for interspousal wiretapping. See Glazner, 347 F.3d at 1215.
In relevant part, the statute states that “‘electronic, mechanical, or other device' means any device or apparatus.other than any telephone or telegraph instrument, equipment or facility, or any component thereof, furnished to the subscriber or user by a provider of wire or electronic communication service in the ordinary course of its business and being used by the subscriber or user in the ordinary course of its business or furnished by such subscriber or user for connection to the facilities of such service and used in the ordinary course of its business.” 18 U.S.C. § 2510(5)(a)(i).
Defendant cites to Anonymous v. Anonymous to justify the interspousal exception's application here. (See Def. Mem. at 13-14; Def. Reply Mem. at 5-6.) But the logic on which the Second Circuit relied in Anonymous derives from a case - Simpson v. Simpson - that has been directly overruled by Glazner. See Anonymous, 558 F.2d at 679 (discussing Simpson). In Simpson, the Fifth Circuit addressed whether “the interception by a husband using electronic equipment of the conversations of his wife with a third party over the telephone in the marital home” fell within the ECPA's mandate. 490 F.2d at 803. While acknowledging that the statute's language “by virtue of its inclusiveness, reaches this case,” the Fifth Circuit proceeded to examine the statute's purpose and Congress' intent at the time of passage. Concluding that Congress had not “intended its regulations to invade the realm of personal acts within the marital home,” the Court established the interspousal exception. Id. at 803, 809. Still, harboring doubts in its decision, the Fifth Circuit limited its holding to Simpson's specific facts. Id. at 810.
Nearly thirty years later, after multiple other circuit and district courts rejected Simpson, an en banc Eleventh Circuit formally overruled Simpson in Glazner. 347 F.3d at 1214-16. The plaintiff in Glazner brought a wiretapping action against her estranged husband after he recorded conversations between her and third parties on a telephone in the marital home. Id. at 1214. The Eleventh Circuit held that “no exception for interspousal wiretapping exists” and that the Fifth Circuit had erred in reaching beyond the ECPA's inclusive, clear, and unambiguous language to examine congressional intent. Id. at 1215-16.
The Fifth Circuit is the predecessor to the Eleventh Circuit. The Eleventh Circuit adopted as binding precedent decisions made by the former Fifth Circuit before October 1, 1981. Bonner v. City of Prichard, 661 F.2d 1206, 1209 (11th Cir.1981) (en banc).
Since Glazner was decided in 2003, the Second Circuit Court of Appeals has not addressed the continued viability of Simpson's reasoning. This Court harbors reservations about the logic and reasoning underpinning the interspousal exception, particularly the Simpson court's decision to forego the Act's clear plain text for an incomplete analysis of congressional intent. Beyond the Eleventh Circuit's ruling in Glazner, courts, including one in this Circuit, have come to a similar conclusion. See Gill v. Willer, 482 F.Supp. 776, 778 (W.D.N.Y. 1980) (“Congress was well aware of the widespread use of private electronic surveillance employed in domestic relations cases and chose to enact a blanket prohibition. The reasoning of Simpson is not persuasive”) (internal citations omitted); Heggy v. Heggy, 944 F.2d 1537, 1539 (10th Cir. 1991) (joining the majority of federal circuit courts in holding that Title III does provide a remedy for interspousal wiretapping); Kempf v. Kempf, 868 F.2d 970, 973 (8th Cir. 1989) (finding no legal basis in Title III or its legislative history that creates an interspousal exception); Pritchard v. Pritchard, 732 F.2d 372, 374 (4th Cir. 1984) (holding that Title III prohibits all wiretapping unless specifically, statutorily excepted); United States v. Jones, 542 F.2d 661, 667 (6th Cir. 1976) (finding that the Simpson Court erroneously “concluded that, despite the literal language of the section, the absence of positive proof of congressional intent to include interspousal wiretaps in the Act's prohibitions indicated that Congress did not intend to reach that activity); Kratz v. Kratz, 477 F.Supp. 463, 476 (E.D. Pa. 1979) (“Title III regulates electronic eavesdropping, not marital relations. It proscribes one method of gathering evidence for use in, inter alia, domestic relations cases, but in no manner deals with the merits of such cases ....The evils of electronic surveillance are not peculiar to the marital relationship, and there is no more reason to permit husbands and wives to perpetrate these evils upon each other with impunity than there is to permit them legally to commit any other crimes against each other”).
The only cases Defendant cites predate Glazner and rely on the now-overruled Simpson logic. See Anonymous, 558 F.2d at 679; Janecka v. Franklin, 684 F.Supp. 24, 26-27 (S.D.N.Y. 1987), aff'd, 843 F.2d 110 (2d Cir. 1988) (drawing on Anonymous and Simpson to affirm the applicability of the interspousal exception to a husband's attachment of a recording device to his family telephone); Lizza v. Lizza, 631 F.Supp. 529, 532 (E.D.N.Y. 1986) (“The Second Circuit confronted the issue of the applicability of Title III to familial disputes in Anonymous v. Anonymous []. While limiting its holding to the facts of the case before it, the court in Anonymous leaned toward the Simpson perspective on the scope of Title III”).
Despite the wide-spread repudiation of the interspousal exception as set forth in Simpson, the Second Circuit has not, as yet, overruled Anonymous. Accordingly, this Court must still apply its tenets. See Unicorn Bulk Traders Ltd. v. Fortune Maritime Enterprises, Inc., No. 08-CV-9710, 2009 WL 125751, at *2 (S.D.N.Y. Jan. 20, 2009) (“This Court is bound to follow controlling Second Circuit precedent unless that precedent is overruled or reversed-even if, as here, the precedent has been criticized by scholars and certain courts in other Circuits”). Even so, the facts presented here are factually and materially distinct from those in Anonymous.
In Anonymous, for use in a custody dispute, one spouse used a phone answering machine in the home where he lived with his children to record conversations between his estranged wife when she called to speak with the children. The Second Circuit treated that scenario as simply the recording of what is otherwise protected conduct - a spouse listening in to a conversation from an extension phone in the marital home - since “nobody wants to make it a crime for a father to listen in on conversations between his wife and his eight year old daughter, from his own phone, in his own home” and the “use of an extension phone in [Plaintiff's] own home would certainly be in the ‘ordinary course of (the user's) business'” as carved out by the statute. See Anonymous, 558 F.2d at 678-79 (quoting 18 U.S.C. § 2510(5)(a)(i)).
The Anonymous Court explicitly limited its holding to the facts presented and did not “suggest that a plaintiff could never recover damages from his or her spouse under the federal wiretap statute.” 558 F.2d at 679 (“We merely hold that the facts of this case do not rise to the level of a violation of that statute”). Although, like Anonymous, the instant case involves “purely a domestic dispute” between a husband and wife, id., there is a meaningfully different set of facts. Unlike in Anonymous, Defendant did not record Plaintiff on a telephone line where she otherwise could have listened in through an extension.
The situs of the recording was not the marital residence. Even though Plaintiff's papers refer to the New York Residence in abbreviated form as the “Marital Residence,” the home is described in the SAC in full as “the parties' former marital residence,” (SAC ¶ 21), and Plaintiff's allegations elsewhere state that Defendant knelt outside of “Mr. Goodman's front door” and that she “came running down the stairs from her office on the 10th floor to [Plaintiff's] apartment on the 5th floor [and] began to listen through the front door.” (SAC ¶¶ 9, 138-41.) After the divorce papers were served, the parties physically separated, with Defendant occupying the New Jersey Residence and Plaintiff remaining in the New York Residence. (SAC ¶ 27.) Because of this arrangement, Defendant would not have had ordinary access to telephone conversations held in the New York Residence. “The nature of [Defendant's] interception” was not “of conversations on [her] own telephone installed in [her] own home.” Janecka, 684 F.Supp. at 26. Rather, Defendant recorded Plaintiff's conversations on her personal cellphone while situated outside the Plaintiff's residence. Her conduct thus is outside the scope of the extension phone exemption, which “allows a normal user of an extension phone to listen in to conversations on the same line.” Gill, 482 F.Supp. at 778 (emphasis added).
The SAC does not specify whether Defendant recorded conversations Plaintiff was having on his personal cellphone or on the residence's landline. (SAC ¶¶ 142-45.) While the distinction could matter under a different set of facts, it is irrelevant to the holding here. If Plaintiff was speaking on a cellphone, the comparison to Anonymous is inapposite since there would be no potential extension phone through which Defendant could have lawfully overheard and recorded the conversations. The extension phone exemption might apply if Plaintiff was speaking on a landline with additional extension lines connected. However, the status of the residence described above obviates the issue. Even if Plaintiff was speaking on a telephone landline that had an extension, on the facts here, Defendant would not have had ordinary access to those lines at the time of the alleged incident. As such, the Court need not speculate further on the nature of Plaintiff's calls.
Those same facts also distinguish the case from Simpson, which served as the foundation for Anonymous. See Simpson, 490 F.2d at 809 (“we think the (5)(a)(i) exemption is indicative of Congress's intention to abjure from deciding a very intimate question of familial relations, that of the extent of privacy family members may expect within the home vis-a-vis each other”) (emphasis added); Kratz, 477 F.Supp. 463, 472 (“implicit in Simpson is Judge Bell's assumption that one spouse has little or no justifiable expectation of privacy vis-a-vis the other spouse within the marital home”) (emphasis added).
Thus, regardless of the continued viability of the interspousal exception, the Court does not find a persuasive reason to stretch the exception to cover the facts here. Plaintiff's ECPA claim with respect to Defendant's telephone recording on June 5, 2020 should not be dismissed.
Courts disagree on whether a user's expectation of privacy is relevant to find an interception of telephone communications. Compare Simpson, 490 F.2d at 809 (stating that the personal surveillance of one spouse by the other is “consistent with whatever expectations of privacy spouses might have vis-a-vis each other within the marital home”) with Kratz, 477 F.Supp. at 473 (“a telephone call, which is a wire communication.is protected by Title III regardless of whether the participants actually have any justifiable expectations of privacy” (internal quotation marks and citation omitted)). In that regard, the statute itself distinguishes between “wire” and “oral” communications. Oral communications are defined as “any oral communication uttered by a person exhibiting an expectation that such communication is not subject to interception under circumstances justifying such expectation.” 18 U.S.C. § 2510(2). The definition for wire communications does not include a requirement that the communication be made under circumstances justifying an expectation of privacy. 18 U.S.C. § 2510(1) (“‘wire communication' means any communication made in whole or in part through the use of facilities for the transmission of communications by the aid of wire, cable, or other like connection between the point of origin and the point of reception furnished or operated by any person engaged as a common carrier in providing or operating such facilities for the transmission of interstate or foreign communications”). To the extent the expectation of privacy is relevant, it is considerably heightened here in comparison to the typical inhome context where a recording device is placed on a phone common to all family members and from which the interspousal exception is derived.
III. The Stored Communications Act Claim
The SCA provides criminal penalties for “whoever ... intentionally accesses without authorization a facility though which an electronic communication service is provided; or . intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system.” 18 U.S.C. §§ 2701(a)(1)-(2). Plaintiff alleges Defendant violated the SCA by both hacking into the Computer and accessing, reading, downloading, and/or deleting emails before they were received, opened, or read by Plaintiff. (SAC ¶¶ 188-193; Pl. Mem. at 8-10.) Defendant argues that Plaintiff has not adequately alleged that her access to the Computer was unauthorized and, that neither the Computer nor the Outlook Exchange Server purportedly accessed qualify as a “facility” under the SCA. The Court agrees that Plaintiff has not adequately plead that Defendant accessed a “facility” to state a claim under the SCA.
A. The Computer Is Not A Facility Within The Scope Of The SCA
The SCA does not include a definition of “facility.” It does, however, define “electronic communication service” as “any service which provides to users thereof the ability to send or receive wire or electronic communications.” 18 U.S.C. § 2510(15) (incorporated by reference in 18 U.S.C. § 2711(1)). “Courts have interpreted the [SCA] to apply to providers of a communication service such as telephone companies, Internet or e-mail service providers, and bulletin board services.” Garcia v. City of Laredo, Texas, 702 F.3d 788, 792 (5th Cir. 2012), see also In re DoubleClick Inc. Privacy Litigation, 154 F.Supp.2d 497, 509 (S.D.N.Y. 2001) (underscoring that Congress “explicitly chose to make § 2701(a) [of the SCA]'s general rule subject to § 2701(c)(2)'s exception for access authorized by authors and intended recipients of electronic communications”).
Although the Second Circuit has not yet ruled on the issue, courts in this District have consistently declined to treat personal computers, such as the Computer at issue here, as facilities for SCA purposes. See, e.g., Cohen v. Casper Sleep Inc., No. 17-CV-9325, 2018 WL 3392877, at *5 (S.D.N.Y. July 12, 2018) (“Judges in this District routinely hold that communications stored on personal devices are not held in electronic storage”); Obeid on behalf of Gemini Real Estate Advisors LLC v. La Mack, No. 14-CV-6498, 2017 WL 1215753, at *9 (S.D.N.Y. March 31, 2017) (reaffirming that the stored communications subject to the SCA are emails stored on an electronic communication service provider's systems, not those stored on a personal computer); Williams v. Rosenblatt Securities Inc., 136 F.Supp.3d 593, 607 (S.D.N.Y. 2015) (“Because communications downloaded to a user's computer terminal are neither stored on a temporary basis “incident to [their] electronic transmission” nor stored “by an electronic communication service for purposes of backup protection of such communication,” the plaintiff's allegations ... fail[ ] to state a claim”).
The majority of courts outside the Second Circuit that have considered the issue have reached the same conclusion. See, e.g., In re Nickelodeon Consumer Privacy Litigation, 827 F.3d 262, 277 (3d Cir. 2016) (finding that “personal computing devices were not protected ‘facilities' under the statute”); Garcia, 702 F.3d at 790 (concluding that the SCA “does not apply to data stored in a personal cell phone”); Steiger, 318 F.3d at 1049 (finding that the SCA does not apply to the act of hacking into a personal computer to download information stored on the hard drive); In re iPhone Application Litigation, 844 F.Supp.2d 1040, 1057-58 (N.D. Cal 2012) (holding that Plaintiffs' personal iPhones did not “constitute facilit[ies] through which an electronic communication is provided” because finding otherwise would “render other parts of the statute illogical”).
These courts point to the statute's plain text and purpose to support their conclusion. The SCA covers instances where “a facility through which an electronic communication service is provided” was improperly accessed. 18 U.S.C. § 2701(a)(1). “Electronic communication service” is statutorily defined as a “service which provides to users thereof the ability to send or receive wire or electronic communications.” 18 U.S.C. § 2510(15). In passing the SCA, Congress was motivated by “a specific congressional intent to deal with the particular problem of private communications in network service providers' possession.” In re Google Inc. Cookie Placement Consumer Privacy Litigation, 806 F.3d 125, 147 (3d Cir. 2015). The statute naturally applies to telephone companies, internet or e-mail service providers, and bulletin board services, not personal devices that simply make use of rather than provide electronic communication services. See S. REP. No. 99-541, at 36, reprinted in 1986 U.S.C.C.A.N. 3555, 3590); Garcia, 702 F.3d at 792; Theofel v. Farey-Jones, 359 F.3d 1066, 1075 (9th Cir. 2004); Orin S. Kerr, A User's Guide to the Stored Communications Act, and a Legislator's Guide to Amending It, 72 GEO. WASH. L. REV. 1208, 1215 n. 47 (2004) (“The statute envisions a provider (the ISP or other network service provider) and a user (the individual with an account with the provider), with the user's communications in the possession of the provider”).
Adopting a contrary construction - that a facility includes a personal computer -“renders other parts of the statute illogical.” In re iPhone Application Litigation, 844 F.Supp.2d at 1058. As one example, the SCA elsewhere authorizes access to a facility by an electronic communication service provider. 18 U.S.C. § 2701(c). If a personal computer was a facility, then a service provider would be able to grant access to that computer. Id. “It would certainly seem odd that the provider of a communication service could grant access to one's home computer to third parties.” Crowley v. CyberSource Corp., 166 F.Supp.2d, 1263, 1271 (N.D. Cal. 2001).
While a small minority of decisions have treated personal computers as facilities within the scope of the SCA, they have been distinguished as insufficiently analytical or being resolved on other grounds. For example, in In re iPhone Application Litigation, the court explained:
Plaintiffs urge the Court to follow a number of non-binding decisions that have accepted that personal computers can be facilities. See Chance v. Ave. A, Inc., 165 F.Supp.2d 1153, 1161 (W.D. Wash. 2001); In re Intuit Privacy Litig., 138 F.Supp.2d 1272, 1275 n. 3 (C.D. Cal. 2001); Expert Janitorial, LLC v. Williams, No. 3:09-CV-283, 2010 WL 908740, at *5 (E.D. Tenn. Mar. 12, 2010) (citing In re Intuit). The decisions on which Plaintiffs rely, however, provide little analysis on this point of law, instead assuming plaintiff's position to be true due to a lack of argument and then ultimately ruling on other grounds. See, e.g., In re Intuit, 138 F.Supp.2d at 1275 n. 3 (declining to consider defendant's argument that an individual's computer does not qualify as a “facility” under § 2701 because it was untimely raised in a reply brief).844 F.Supp.2d at 1057-58.
The Court finds no reason to depart from the majority view. The Computer is not a facility within the meaning of the SCA. Quite apart from whether or not Defendant was authorized to access the Computer, Plaintiff has not alleged a plausible SCA claim regarding Defendant's access to it and use of communications residing on the Computer.
B. Plaintiff Has Not Plausibly Alleged Defendant's Having Accessed The Outlook Exchange Server
Plaintiff also has failed to plausibly assert an SCA claim, although for a different reason, with respect to Defendant's alleged access to the Outlook Exchange Server and communications stored and transmitted through it. Operated by Microsoft, the Outlook Exchange Server qualifies as a covered third-party electronic communication service provider under the SCA. See In re DoubleClick Inc. Privacy Litigation, 154 F.Supp.2d at 508 (defining “electronic communication service” to apply to “the service which provides to users thereof the ability to send or receive wire or electronic communications”); Theofel, 359 F.3d at 1072-73 (“the [SCA] protects users whose electronic communications are in electronic storage with an ISP or other electronic communications facility”). According to Plaintiff, Defendant violated the SCA when, from her initial hack of the Computer, she obtained Plaintiff's login credentials to the Outlook Exchange Server through which his email passes, which she then used to “intercept, access, download, and otherwise improperly observe” Plaintiff's email and other electronic communications before they were synced to his devices and read or received by Plaintiff. (SAC ¶¶ 62-67.)
Accepting that Plaintiff's personal Outlook Exchange Server qualifies as a covered facility under the SCA, Plaintiff has still failed to sufficiently plead that Defendant unlawfully accessed any communications stored or transmitted through it. In making his SCA claim, Plaintiff relies on the same insufficient allegations that warrant partial dismissal of his ECPA claim. All of Plaintiff's assertions about Defendant's unauthorized access to Plaintiff's Outlook Exchange Server are plead “upon information and belief.” (SAC ¶¶ 62-67, 190-192.) And the forensic report, referenced repeatedly in the SCA, makes no finding that Defendant accessed communications residing on or transmitted through the Outlook Exchange Server. Given that the forensic report provides considerable specific information about where Plaintiff's email communications were stored (i.e., on the Computer itself), when they were accessed, how they were accessed, and the like, the report's omission of any suggestion of Defendant having accessed the Outlook Exchange Server is telling. (See Dkt. 28-2, ¶¶ 26-27.) See Perry v. NYSARC, Inc., 424 Fed.Appx. 23, 25 (2d Cir. 2011) (summary order) (although “the court must generally accept as true all of the factual assertions in the complaint ... there is a narrow exception to this rule for factual assertions that are contradicted by the complaint itself, [or] by documents upon which the pleadings rely”); Amidax Trading Group v. S.W.I.F.T. SCRL, 607 F.Supp.2d 500, 503, 506-09 (S.D.N.Y. 2009), aff'd, 671 F.3d 140 (2d Cir. 2011) (rejecting plaintiff's conjectural allegations plead upon information and belief due to contradictory information elsewhere in the complaint, including attached exhibits); Bauman v. Mount Sinai Hospital, 452 F.Supp.2d 490, 503 (S.D.N.Y. 2006) (rejecting conclusory allegations plead upon information and belief due to contradictory information in Plaintiffs' exhibits); cf. Arista Records, 604 F.3d at 121 (“to the extent that ... allegations [were] made on information and belief, virtually all of them [were] supported by factual assertions in [the attached] Exhibit”).
The SAC is notably distinguishable from a case such as Kornotzki v. Jawad, No. 19-CV-6689, 2020 WL 2539073, at *3 (S.D.N.Y. May 19, 2020), where the pleading plausibly alleged SCA violations because “the Counterclaim Complaint is not explicit about where the email messages were stored” and “nothing in the Counterclaim Complaint indicates that the messages were stored locally on the account-holders' computers.” Here, in contrast, the SAC - and the referenced forensic report - repeatedly, explicitly, and specifically refer to email being stored on the Computer's hard drive.
Plaintiff also has not plead that the Outlook email containers locally stored on the Computer qualify as a facility. And even if he had, “it is entirely non-controversial that ‘email messages downloaded and stored on, and subsequently accessed solely from, a user's personal computer do [] not fall within the SCA's definition of electronic storage.'” Council on American-Islamic Relations Action Network, Inc. v. Gaubatz, 793 F.Supp.2d 311, 337 (D.D.C. 2011) (quoting Thompson v. Ross, No. 2:10-CV-479, 2010 WL 3896533, at *5 (W.D. Pa. Sept. 30, 2010)); see also Yukos Capital S.A.R.L. v. Feldman, 977 F.3d 216, 232 (2d Cir. 2020) (holding that employee's emails downloaded onto employer's computers, as opposed to those stored in ISP systems, were not “in electronic storage” under the SCA); Rosenblatt Securities, 136 F.Supp.3d at 607 (finding that the SCA's definition of “electronic storage” does not cover emails downloaded onto a user's computer terminal).
Since Plaintiff has not sufficiently plead that Defendant gained unauthorized access to a facility under the SCA, the claim should be dismissed.
IV. The State Law Claims
Plaintiff alleges six state law claims against Defendant: trespass to chattels, civil conversion, fraud, violation of the New Jersey Computer Related Offenses Act, violation of the New Jersey Wiretapping and Electronic Surveillance Control Act, and invasion of privacy.
A federal court has pendent, or supplemental, jurisdiction over state law claims “that are so related to claims in the action within such original jurisdiction that they form part of the same case or controversy.” 28 U.S.C. § 1367(a). Supplemental jurisdiction is proper when the state and federal claims “derive from a common nucleus of operative fact.” United Mine Workers of America v. Gibbs, 383 U.S. 715, 725, 86 S.Ct. 1130, 1138 (1966). A federal district court's exercise of supplemental jurisdiction is discretionary -the court can decline to exercise such jurisdiction if “the claim raises a novel or complex issue of State law;” the state claim or claims “substantially predominates” over the claim or claims over which the district court has original jurisdiction; “the district court has dismissed all claims over which it has original jurisdiction;” or, “in exceptional circumstances ... other compelling reasons.” 28 U.S.C. §§ 1367(c)(1)-(4); see also City of Chicago v. International College of Surgeons, 522 U.S. 156, 173, 118 S.Ct. 523, 53334 (1997). “[I]n the usual case in which all federal-law claims are eliminated before trial, the balance of factors to be considered under the pendant jurisdiction doctrine - judicial economy, convenience, fairness and comity - will point toward declining jurisdiction over the remaining state-law claims.” Carnegie-Mellon University v. Cohill, 484 U.S. 343, 350 n.7, 108 S.Ct. 614, 619 n.7 (1988).
There is good reason to decline to exercise jurisdiction over the State Court claims here. Pursuant to the discussion above, the Court should dismiss all but Plaintiff's ECPA claim arising out of Defendant's recording of his phone calls. Unlike that federal claim, none of the state law claims seek redress for Defendant's surreptitious recording. Each state claim asserted by Plaintiff is detailed and specifically refers to Defendant's access to the Computer and Plaintiff's email, or the June 5, 2020 phone recording. But none are premised on Defendant's actions in recording Plaintiff's phone conversations. (See SAC ¶¶ 197-201, 205-10, 213-17, 221-27, 230-38, 241-43.) Rather, the sole mention of the phone recording in the state law claims is in Plaintiff's sixth cause of action for fraud based on Defendant's alleged misrepresentations that she had complied with the State Court's November 17, 2020 order to turn over the phone recording. (SAC ¶ 214; see also ¶¶ 150-51.) Plaintiff's claim of fraud does not implicate or discuss the act of recording itself.
For example, Plaintiff claims trespass to chattel for Defendant's unauthorized use of the Computer and access to his personal data and information. (SAC ¶ 197.) Plaintiff's claim for civil conversion stems from Defendant's “wilfull[ ] interfere[nce] with the use of the Computer, and...[Plaintiff's] electronic files, data and other information by virtue of her improper access to the Computer.” (SAC ¶ 205). Plaintiff claims Defendant violated the New Jersey Computer Related Offenses Act through her “purposeful and/or knowing access of [Plaintiff's] stored e-mails and/or internet messages” (SAC ¶ 222) and violated the New Jersey Wiretapping and Electronic Surveillance Control Act by hacking into the Computer without authorization. (SAC ¶¶ 230-31.) Finally, Plaintiff alleges Defendant invaded his privacy through her intentional access to the Computer without authorization. (SAC ¶¶241-42.)
The remaining active federal claim and the state claims thus do not share a common nucleus of operative fact. Moreover, the six state law claims predominate over the sole remaining federal claim, and judicial efficiency and comity - particularly to the State Court's domain over marital and divorce matters - weigh in favor of declining supplemental jurisdiction over the state law claims. As both courts are in New York City, convenience is not a significant factor. And fairness strikes the Court as neutral in the circumstances. Giving due consideration to all factors, the Court recommends declining supplemental jurisdiction over Plaintiff's state law claims.
IV. Dismissal With Or Without Prejudice
As the Court recommends dismissal of most of the claims asserted in the SAC, consideration should be given to whether they are to be dismissed with or without prejudice. The state law claims should be dismissed without prejudice because the Court has not passed on their merits and is not exercising subject matter jurisdiction over them. See Tops Markets, Inc. v. Quality Markets, Inc., 142 F.3d 90, 103 (2d Cir. 1998) (“the district court was correct not only in dismissing the state law causes of action, but also in dismissing them without prejudice”); Clark v. Suffolk County, No. 14-CV-7195, 2018 WL 1221133, at *1 (E.D.N.Y. March 8, 2018) (“given the dismissal of the federal claims, the Court declines to exercise supplemental jurisdiction over any potential state law claims against defendant, and these state law claims are dismissed without prejudice”); Rivera v. Smith, No. 07-CV-3246, 2009 WL 124968, at *6 (S.D.N.Y. Jan. 20, 2009) (declining to exercise supplemental jurisdiction over state law claims and dismissing plaintiff's state law claims without prejudice).
The federal claims require a different analysis as they are to be dismissed for failure to state a claim. When granting a motion to dismiss “leave to amend at least once should normally be granted as a matter of course.” Oliver Schools, Inc. v. Foley, 930 F.2d 248, 253 (2d Cir. 1991). Notwithstanding the general policy favoring leave to amend, “the Court may deny leave to amend if: (1) there has been undue delay; (2) plaintiff has repeatedly failed to provide satisfactory amendments; (3) amendment would prejudice the opposing party; (4) the amendment would be futile.” Sulehria v. New York, No. 12-CV-0021, 2012 WL 1284380, at *3 (N.D.N.Y. April 16, 2012) (citing Foman v. Davis, 371 U.S. 178, 182, 83 S.Ct. 227, 230 (1962)); accord Sprague v. Salisbury Bank & Trust Co., 969 F.3d 95, 101 (2d Cir. 2020); Ruotolo v. City of New York, 514 F.3d 184, 191 (2d Cir. 2008); Ferring B.V. v. Allergan, Inc., 4 F.Supp.3d 612, 618 (S.D.N.Y. 2014).
In this case, the Court recommends dismissal of the CFAA, SCA, and ECPA claims (other than as to the telephone recording) with prejudice for multiple reasons. First, Plaintiff has not asked for leave to amend as an alternative to denying the motion to dismiss. See Cybercreek Entertainment, LLC v. U.S. Underwriters Insurance Company, 696 Fed.Appx. 554, 555 (2d Cir. 2017) (“[plaintiff's] failure to request leave to amend alone supports the District Court's dismissal with prejudice”); Horoshko v. Citibank N.A., 373 F.3d 248, 249-50 (2d Cir. 2004) (“[plaintiffs'] contention that the District Court abused its discretion in not permitting an amendment that was never requested is frivolous”).
Second, Plaintiff already has been afforded the opportunity to amend to address the deficiencies at issue. Plaintiff filed his original Complaint on December 20, 2021 (Dkt. 1) and his First Amendment Complaint (FAC) on February 24, 2022 (Dkt. 14). On March 14, 2022, Defendant sent a pre-motion letter to the Court seeking leave to file a motion to dismiss the FAC. (Dkt. 15.) In that letter, Defendant identified the parts of Plaintiff's claims that were deficient and previewed the arguments she later made in her motion to dismiss. Among other points, Defendant's pre-motion letter argued that Plaintiff failed to allege the required type and amount of losses under the CFAA; the ECPA claim did not allege contemporaneous interception; and the Computer is not a “facility” under the SCA - the very same arguments raised in the instant motion. (Dkt. 15 at 2.) The parties participated in a pre-motion conference on April 14, 2022, and, three weeks later, Plaintiff requested, and was granted, leave to file the SAC, which he did on May 26, 2022.
Plaintiff's FAC and SAC are virtually identical except for the inclusion of facts and claims regarding the telephone recording. All of Plaintiff's claims deriving from Defendant's access to the Computer were left essentially untouched between Plaintiff's FAC and SAC, even though Plaintiff was on notice of the deficiencies identified by Defendant. The parties' case management plan set October 17, 2022 as the deadline for amended pleadings, thus affording Plaintiff ample time to amend and strengthen his pleading in response to Defendant's preview of her arguments. Plaintiff failed to do so.
Having already twice amended his complaint, and having already been provided with the opportunity to buttress his claims in response to Defendant's arguments, a further opportunity to amended is not warranted. See TechnoMarine SA v. Giftports, Inc., 758 F.3d 493, 506 (2d Cir. 2014) (affirming dismissal where plaintiff “failed to resolve its pleading deficiencies in its First Amended Complaint); Denny v. Barber, 576 F.2d 465, 471 (2d Cir. 1978) (holding that plaintiff “on the plainest notice of what was required” for a proper complaint was not entitled to “a third go-around”); All-City Metal, Inc. v. Sheet Metal Workers' International Association Local Union 28, No. 18-CV-958, 2020 WL 1502049, at *8 (E.D.N.Y. Feb. 18, 2020) (dismissing plaintiff's Second Amended Complaint with prejudice since plaintiff had already amended twice and had not sought leave to amend a third time); LaForgia v. Hoch, No. 15-CV-8589, 2018 WL 4682019, at *7 (S.D.N.Y. Sept. 28, 2018) (“As Plaintiffs have been represented by counsel throughout these proceedings and have already amended their Complaint once, these claims are dismissed with prejudice”); Marks v. Energy Materials Corp., No. 14-CV-8965, 2015 WL 3616973, at *10 (S.D.N.Y. June 9, 2015) (dismissal with prejudice is appropriate where a counseled plaintiff has already amended the complaint and failed to request leave to amend when responding to a motion to dismiss). Accordingly, dismissal of Plaintiff's federal claims should be with prejudice.
V. Abstention
Defendant argues in the alternative that the Court should abstain from exercising jurisdiction over the case pursuant to the Colorado River doctrine. See Colorado River Water Conservation District v. United States, 424 U.S. 800, 96 S.Ct. 1236 (1976). In Colorado River, the Supreme Court held that, in “exceptional circumstances” a “federal court may abstain from exercising jurisdiction when parallel state-court litigation could result in ‘comprehensive disposition of litigation.'” Niagara Mohawk Power Corp. v. Hudson River-Black River Regulating District, 673 F.3d 84, 100 (2d Cir. 2012) (quoting Colorado River, 424 U.S. at 817, 96 S.Ct. at 1246).
The threshold determination for Colorado River abstention is whether the concurrent federal and state proceedings are sufficiently “parallel.” See Dittmer v. County of Suffolk, 146 F.3d 113, 118 (2d Cir.1998); Alliance of American Insurers v. Cuomo, 854 F.2d 591, 603 (2d Cir.1988). Proceedings are “parallel” if “substantially the same parties are contemporaneously litigating substantially the same issue” in both forums. Dittmer, 146 F.3d at 118; accord Niagara Mohawk Power Corp., 673 F.3d at 100. “Perfect symmetry of parties and issues is not required .... Rather, parallelism is achieved where there is a substantial likelihood that the state litigation will dispose of all claims presented in the federal case.” Phillips v. Citibank, N.A., 252 F.Supp.3d 289, 295 (S.D.N.Y. 2017) (internal quotation marks and citations omitted).
Once the threshold issue of concurrence has been satisfied, the Court then turns to considering six additional factors:
(1) whether the controversy involves a res over which one of the courts has assumed jurisdiction; (2) whether the federal forum is less inconvenient than the other for the parties; (3) whether staying or dismissing the federal action will avoid piecemeal litigation; (4) the order in which the actions were filed, and whether proceedings have advanced more in one forum than in the other; (5) whether federal law provides the rule of decision; and (6) whether the state procedures are adequate to protect the plaintiff's federal rights.Woodford v. Community Action Agency of Greene County, Inc., 239 F.3d 517, 522 (2d Cir. 2001) (internal citations omitted). These factors are not applied as a “mechanical checklist,” but are carefully balanced for each case, “with the balance heavily weighted in favor of the exercise of jurisdiction.” Moses H. Cone Memorial Hospital v. Mercury Construction Corp., 460 U.S. 1, 16, 103 S.Ct. 927, 937 (1983). Although no single factor is dispositive, “the danger of piecemeal litigation” is of “paramount consideration.” Arkwright-Boston Manufacturers Mutual Insurance Co. v. City of New York, 762 F.2d 205, 211 (2d Cir. 1985).
Defendant contends that abstention is warranted because the State Court will determine in the divorce proceedings two central factual issues bearing on Defendant's authority to access the Computer that are at the heart of the instant action: (1) whether the Computer is shared marital property, and (2) whether Defendant was authorized with Plaintiff's PIN Code to access the Computer.
Federal courts considering similar circumstances have reached varied conclusions. Compare Mehta v. Maddox, 296 F.Supp.3d 60, 65 (D.D.C. 2017) (exercising abstention and granting a stay in a federal CFAA suit between estranged spouses where relevant determinations would be decided in ongoing divorce proceedings between the same parties) with Stein v. Needle, No. 3:19-CV-1634, 2021 WL 1178283, *4, 7 (D. Conn. Mar. 29, 2021) (declining to abstain from a CFAA claim brought between estranged spouses even though the “state family court [would] likely need to decide if the computer is ‘marital property'” because, in part, “[a] stay here, for however long it takes for the divorce action to be finalized would prejudice both parties”).
Based on the Court's analysis under Rule 12(b)(6), abstention at the current time would be ill advised. The issues of authorization and access are relevant to only the CFAA and SCA claims, both of which the Court recommends should be dismissed for failure to state a claim, and to certain of the state law claims, which the Court recommends be dismissed for lack of pendent jurisdiction to the remaining federal ECPA claim. Authorization and access are not relevant to the ECPA claim concerning Defendant's recording of Plaintiff's phone calls. The actions thus are not sufficiently parallel to warrant abstention. See Philogene v. Duckett, No. 17-CV-7224, 2018 WL 3946447, *3-4 (S.D.N.Y. Aug. 16, 2018) (declining to stay federal action that derives from the same underlying business dispute as the state action because the two actions were not substantially identical); Dalzell Management Co., Inc. v. Bardonia Plaza, LLC, 923 F.Supp.2d 590, 598 (S.D.N.Y. 2013) (finding a federal action “for theft of computer data and wrongful eviction” and a state action “for breach of contract and breach of fiduciary duty” insufficiently parallel despite being “based on the same core facts”); DDR Construction Services, Inc. v. Siemens Industry, Inc., 770 F.Supp.2d 627, 645 (S.D.N.Y. 2011) (declining to abstain from federal action because, although it involved much of the same factual material as the concurrent State Court suit, the federal claims did not “involve substantially the same legal issues as [the state claims]; nor would resolution of the [state action] dispose all of [plaintiff's federal] claims”); Kingsway Financial Services, Inc v. Pricewaterhousecoopers, LLP., 420 F.Supp.2d 228, (S.D.N.Y. 2005) (“the state and federal proceedings are not truly parallel because the federal litigation may require the court to make determinations under exclusively federal law, which the state court may not decide”) (international quotations and citation omitted).
CONCLUSION
For the foregoing reasons, Defendant's motion to dismiss should be GRANTED IN PART and DENIED IN PART as follows: (1) the CFAA claim should be dismissed for failure to sufficiently plead the required $5,000 loss threshold; (2) the SCA claim should be dismissed for failure to sufficiently plead a “facility”; (3) the ECPA should be dismissed with respect to the Computer and Plaintiff's email as it fails to sufficiently plead contemporaneous interception of email; (4) the ECPA claim regarding the June 5, 2020 recording of Plaintiff's phone calls should not be dismissed; and (5) the state law claims should be dismissed without prejudice.
PROCEDURES FOR FILING OBJECTIONS
Pursuant to 28 U.S.C. § 636(b)(1) and Rules 72, 6(a), and 6(d) of the Federal Rules of Civil Procedure, the parties shall have fourteen (14) days to file written objections to this Report and Recommendation. Such objections shall be filed with the Clerk of Court, with extra copies delivered to the Chambers of the Honorable Gregory H. Woods, U.S.D.J., United States Courthouse, 500 Pearl Street, New York, NY 10007, and to the Chambers of the undersigned, United States Courthouse, 500 Pearl Street, New York, NY 10007. Failure to file timely objections will result in a waiver of objections and will preclude appellate review.