Delivering a significant win for businesses hit with website wiretapping lawsuits, a California federal judge granted a defendant’s motion for summary judgment under the California Invasion of Privacy Act (“CIPA”) in Gutierrez v. Converse Inc., 2024 WL 3511648 (C.D. Cal. Jul. 12, 2024).
The website tool at issue in this case, like hundreds of other cases, was a third-party-enabled chat feature that businesses install on their websites to connect customers with live customer service agents. Plaintiff Nora Gutierrez alleged that she visited Defendant Converse’s website with this chat feature installed, and that the chat provider stored her chat communications with Converse’s customer service agents on its servers. Gutierrez characterized this practice as “wiretapping” and she asserted a claim against Converse for aiding and abetting the alleged wiretapping in violation of the first and second clause of CIPA section 631(a).
The Court granted Converse’s motion for summary judgment because the chat provider did not engage in any wiretapping as a matter of law. First, the Court reaffirmed that the first clause of section 631(a) applies solely to “telephone communications,” and it does not encompass use of a smart phone where, as here, Gutierrez “used her smart phone’s internet capabilities to utilize the chat feature.” Second, the chat provider did not violate the second clause because it did not “read or attempt to read or learn the contents” of Gutierrez’s chat messages “while in transit.” That is because Converse’s “uncontroverted evidence establishes messages sent through Defendant’s chat feature are encrypted while in transit,” and are “accessible only through a password-protected customer dashboard” after they are received on the chat provider’s servers. The Court rejected Gutierrez’s evidence raising “the mere possibility” that the provider “can” read the messages as “insufficient to establish a genuine issue of material fact.” In the absence of a predicate CIPA violation by the chat provider, the Court determined that Converse cannot be liable for aiding and abetting a non-existent CIPA violation.