From Casetext: Smarter Legal Research

Cahen v. Toyota Motor Corp.

UNITED STATES COURT OF APPEALS FOR THE NINTH CIRCUIT
Dec 21, 2017
No. 16-15496 (9th Cir. Dec. 21, 2017)

Summary

In Cahen, the plaintiffs claimed the defendants equipped their vehicles with computer technology that was susceptible to third-party hacking.

Summary of this case from Flynn v. FCA US LLC

Opinion

No. 16-15496

12-21-2017

HELENE CAHEN and MERRILL NISAM, individually and on behalf of all others similarly situated Plaintiffs-Appellants, v. TOYOTA MOTOR CORP.; et al., Defendants-Appellees.


NOT FOR PUBLICATION

D.C. No. 3:15-cv-01104-WHO MEMORANDUM Appeal from the United States District Court for the Northern District of California
William Horsley Orrick, District Judge, Presiding Argued and Submitted November 15, 2017 San Francisco, California Before: BERZON and FRIEDLAND, Circuit Judges, and SESSIONS, District Judge.

This disposition is not appropriate for publication and is not precedent except as provided by Ninth Circuit Rule 36-3.

The Honorable William K. Sessions III, United States District Judge for the District of Vermont, sitting by designation.

Helene Cahen and Merrill Nisam ("plaintiffs") appeal the district court's dismissal of their claims for violations of California's Unfair Competition Law ("UCL") (Count I), Consumers Legal Remedies Act ("CLRA") (Count II), and False Advertising Law ("FAL") (Count III), as well as for Breach of Implied Warranty of Merchantability (Count IV), Breach of Contract/Common Law Warranty (Count V), Fraud by Concealment (Count VI), Violation of Song-Beverly Consumer Warranty Act (Count VII), and Invasion of Privacy under Article I of the California Constitution (Count VIII). We conclude that the district court correctly found that plaintiffs failed to establish Article III standing for all of their claims.

1. We review the district court's dismissal for lack of Article III standing de novo. Nat'l Council of La Raza v. Cegavske, 800 F.3d 1032, 1039 (9th Cir. 2015); Vaughn v. Bay Envtl. Mgmt, Inc., 567 F.3d 1021, 1024 (9th Cir. 2009). Standing has three elements: "The plaintiff must have (1) suffered an injury in fact, (2) that is fairly traceable to the challenged conduct of the defendant, and (3) that is likely to be redressed by a favorable judicial decision." Spokeo, Inc. v. Robins, 136 S. Ct. 1540, 1547 (2016) (citing Lujan v. Defs. of Wildlife, 504 U.S. 555, 560-61 (1992); Friends of the Earth, Inc. v. Laidlaw Envtl. Servs. (TOC), Inc., 528 U.S. 167, 180-81 (2000)). The plaintiff bears the burden of establishing these elements, and when "a case is at the pleading stage, the plaintiff must 'clearly . . . allege facts demonstrating' each element." Id. (quoting Warth v. Seldin, 422 U.S. 490, 518 (1975)). "To establish injury in fact, a plaintiff must show that he or she suffered an invasion of a legally protected interest that is concrete and particularized and actual or imminent, not conjectural or hypothetical." Friends of the Earth, Inc., 528 U.S. at 1548 (quoting Lujan, 504 U.S. at 560); see also Clapper v. Amnesty Int'l USA, 568 U.S. 398, 409 (2013).

2. Plaintiffs claim that their vehicles are vulnerable to being hacked because their vehicles' computer systems lack security. Plaintiffs allege that "[a]s a result of Defendants' unfair, deceptive, and/or fraudulent business practices, and their failure to disclose the highly material fact that their vehicles are susceptible to hacking and neither secure nor safe, owners and/or lessees of Defendants' vehicles are currently at risk of theft, damage, serious physical injury, or death as a result of hacking, and they will continue to face this risk until they are notified of the dangers associated with their vehicles and are given funds and guidance by Defendants as to how to correct the security defects, or until Defendants correct them." Plaintiffs also allege that they have been injured because their vehicles are worth less than what they paid for them due to these hacking vulnerabilities and allege that their privacy is invaded due to defendants' collection of vehicle data.

3. Plaintiffs have failed to sufficiently allege an injury due to the risk of hacking itself. For their Breach of Implied Warranty of Merchantability, Breach of Contract/Common Law Warranty, Fraud by Concealment, and Violation of Song-Beverly Consumer Warranty Act claims, plaintiffs allege that the risk of hacking itself is the source of their injury.

We note that on appeal, plaintiffs seem to have abandoned their arguments relating to injuries from the risk of hacking itself. Plaintiffs' Opening Brief focuses solely on their economic loss theory. --------

Plaintiffs do not allege that any of their vehicles have actually been hacked. More importantly, they do not allege that they are aware of any vehicles that have been hacked outside of controlled environments. Even though no hacking has occurred, plaintiffs allege that hacking is an "imminent eventuality," that defendants have known for a long time about these security vulnerabilities, and that defendants have nonetheless marketed their vehicles as safe. These alleged risks and defects are speculative. Article III standing requires a concrete and particularized injury to plaintiffs' interests that is simply not alleged in the First Amended Complaint.

4. Plaintiffs have failed to sufficiently allege an injury due to overpaying for their vehicles. For their UCL, CLRA, and FAL claims, plaintiffs allege that they suffered an injury because they either would not have purchased their vehicles or would have paid less for them had they known about these hacking risks. This economic loss theory is not credible, as the allegations that the vehicles are worth less are conclusory and unsupported by any facts. The district court was correct in noting that "plaintiffs have not, for example, alleged a demonstrable effect on the market for their specific vehicles based on documented recalls or declining Kelley Bluebook values . . . [n]or have they alleged a risk so immediate that they were forced to replace or discontinue using their vehicles, thus incurring out-of-pocket damages." Additionally, "[n]early 100% of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions." Thus, plaintiffs have only made conclusory allegations that their cars are worth less and have not alleged sufficient facts to establish Article III standing.

5. Finally, Plaintiffs have failed to sufficiently allege an injury due to invasion of their privacy. Plaintiffs claim that defendants collect data from their vehicles and share the data with third parties. However, there are no specific allegations as to why this data is sensitive or individually identifiable to particular drivers, cf. Eichenberger v. ESPN, Inc., 2017 WL 5762817, at *4 (9th Cir. Nov. 29, 2017). Plaintiffs have not pleaded sufficient facts demonstrating how the aggregate collection and storage of non-individually identifiable driving history and vehicle performance data cause an actual injury. See Lujan, 504 U.S. at 560.

The district court's decision is AFFIRMED.


Summaries of

Cahen v. Toyota Motor Corp.

UNITED STATES COURT OF APPEALS FOR THE NINTH CIRCUIT
Dec 21, 2017
No. 16-15496 (9th Cir. Dec. 21, 2017)

In Cahen, the plaintiffs claimed the defendants equipped their vehicles with computer technology that was susceptible to third-party hacking.

Summary of this case from Flynn v. FCA US LLC
Case details for

Cahen v. Toyota Motor Corp.

Case Details

Full title:HELENE CAHEN and MERRILL NISAM, individually and on behalf of all others…

Court:UNITED STATES COURT OF APPEALS FOR THE NINTH CIRCUIT

Date published: Dec 21, 2017

Citations

No. 16-15496 (9th Cir. Dec. 21, 2017)

Citing Cases

Flynn v. FCA US LLC

Defendants moved for reconsideration and renewed their standing challenge in January 2018, based on a…

Tarsio v. FCA U.S. LLC

Plaintiff does not, for example, “allege[] a demonstrable effect on the market for their specific vehicles…