Wiretap Case Against Google Ducks Dismissal
SAN JOSE, Calif. (CN) - Google cannot halt a sprawling class action accusing it of violating wiretapping and privacy laws with its Gmail service, a federal judge ruled Thursday.
In California, lead plaintiffs Brad Scott and Todd Harrington claim that the web-based service scans emails for words and content, and intentionally intercepts messages between non-Gmail subscribers and subscribers.
Describing such actions as wiretapping and eavesdropping, the class there says Google is in violation of the California Invasion of Privacy Act, or CIPA. Google pointed out last year, however, that Scott and Harrington cannot cloak themselves with California privacy laws by filing suit in Marin County when they actually reside in Alabama and Maryland, with no connection to the Golden State.
The multi-district claims have since been combined into the massive In re Google, Inc. - Gmail Litigation, which Google asked U.S. District Judge Lucy Koh to dismiss earlier this month.
Koh declined the majority of Google's request Thursday, finding that Gmail's interceptions fall outside the narrow "ordinary course of business" exception carved out of the Electronic Communications Privacy Act, known as ECPA.
"The statute explicitly limits the use of service observing or random monitoring by electronic communication service providers to mechanical and service quality control checks," Koh wrote. "Accordingly, the statutory scheme suggests that Congress did not intend to allow electronic communication service providers unlimited leeway to engage in any interception that would benefit their business models, as Google contends. In fact, this statutory provision would be superfluous if the ordinary course of business exception were as broad as Google suggests."
Furthermore, the plaintiffs accuse Google of violating its own policies, which list specific platforms from which it could mine data - and email is not on the list. The new policies also failed to explicitly elicit consent from consumers, another exception to ECPA on which Google relied, Koh said.
"These new policies do not specifically mention the content of users' emails to each other or to or from non-users; these new policies are not broad enough to encompass such interceptions," the 43-page order states. "Furthermore, the policies do not put users on notice that their emails are intercepted to create user profiles. The court therefore finds that a reasonable Gmail user who read the privacy policies would not have necessarily understood that her emails were being intercepted to create user profiles or to provide targeted advertisements. Accordingly, the court finds that it cannot conclude at this phase that the new policies demonstrate that Gmail user Plaintiffs consented to the interceptions."
Koh also rejected Google's contention that federal law pre-empts causes of action brought under the California Invasion of Privacy Act, or CIPA. Given that Google does not own, operate or control telephone and telegraph lines, it cannot hide behind the public utilities exception in CIPA either.
But an interpretation by some courts that no Internet-based communication can be considered confidential led the judge to find that the plaintiffs failed to show a reasonable expectation of privacy in their complaint.
"Plaintiffs have not alleged facts that lead to the plausible inference that the communication was not being recorded because email by its very nature is more similar to internet chats," Koh wrote. "Unlike phone conversations, email services are by their very nature recorded on the computer of at least the recipient, who may then easily transmit the communication to anyone else who has access to the internet or print the communications."
The judge nevertheless gave the plaintiffs 21 days to show differently, citing "an abundance of caution."