Summary
finding that "at minimum the web site is a `user' of that communication service"
Summary of this case from In re Pharmatrak, Inc. Privacy LitigationOpinion
No. C00-1964C.
September 14, 2001.
Seth R. Lesser, Andrew M. Gschwind, ernstein Litowitz Berger Grossman, LLP, New York City, Alan Mansfield, William J. Doyle, II, Milberg Weiss Bershad Hynes Lerach, San Diego, CA, Clifford Allen Cantor, Sammanish, VA, Brian J. Robbins, Cauley Geller Bowman Coates, San Diego, CA, Lori G. Feldman, Milberg Weiss Bershad Hynes Lerach, Seattle, WA, Adam J. Levitt, Wolf Galdenstein Adler Freeman Herz, Chicago, IL, for plaintiffs.
David J. Burman, Barry M. Kaplan, Andrea Blander, Perkins Coie, Seattle, WA, Jeffrey J. Miller, Seattle, WA, for defendant.
ORDER
This matter is before the Court on Defendant's motion for summary judgment (Dkt. Nos. 23 33) and Plaintiffs' motion to strike portions of declarations and the summary judgment motion (Dkt. No. 45). Plaintiffs, in their Opposition to Avenue A's Motion for Summary Judgment (Dkt. No. 41), have requested the Court to defer consideration of the motion for summary judgment pursuant to Rule 56(f). Also pending before the Court is Plaintiffs' motion for class certification (Dkt. No. 13). For the reasons stated below, the Court GRANTS the motion for summary judgment and DENIES as moot the remaining motions. The Court further DENIES Plaintiffs' request for a Rule 56(f) continuance of the summary judgment motion.
I. Background
Plaintiffs are individuals who allegedly have used the Internet, visited web sites, and had an Avenue A "cookie" placed on their computers, thus permitting Avenue A to monitor their electronic communications without their knowledge, authorization or consent. ( See First Am.Consol. Class Action Compl. ("Complaint") ¶¶ 8-14; Pls.' Mot. for Class Certification at 1.) The seven named plaintiffs hope to bring this action on behalf of an immense class of Internet users, numbering in the tens of millions. (Compl. ¶ 35.) They claim that Avenue A has violated the Wiretap Act (Title I of the Electronic Communications Privacy Act ("ECPA")), the Stored Communications Act (Title II of ECPA), the Computer Fraud and Abuse Act ("CFAA"), several state common law causes of action including invasion of privacy, trespass, unjust enrichment, and Washington statutes protecting against wiretapping and deceptive and unfair business practices. (Compl. ¶¶ 74-127.)
The issue of Internet privacy has been attracting increased national attention, see John Schwartz, Giving Web a Memory Cost Its Users Privacy, N.Y. Times, Sept. 4, 2001, at Al, and has been the subject of intense regulatory and legislative debate, see Jessica J. Thill, The Cookie Monster: From Sesame Street to Your Hard Drive, 52 S.C.L.Rev. 921, 928-31 (2001); John Schwartz, Government is Wary of Tackling Online Privacy, N.Y. Times, Sept. 6, 2001, at C1. Not surprisingly, privacy advocates have also had their say in court. Plaintiffs' attorneys have brought nearly identical claims against other leading digital advertising and media companies such as DoubleClick and MatchLogic. In a very thorough opinion, the District Court for the Southern District of New York recently dismissed with prejudice a virtually identical claim against DoubleClick under Rule 12(b)(6). See In re DoubleClick Inc. Privacy Litigation, 154 F. Supp.2d 497 (S.D.N.Y. 2001). Plaintiffs' attorneys indicate they are currently appealing the DoubleClick dismissal. In another case pleading similar causes of action against a single web site (www.quicken.com), the District Court for the Central District of California denied defendant's 12(b)(6) motion under the Stored Communications Act and granted it, with leave to file an amended complaint, on claims under the CFAA and Wiretap Act. See In re Intuit Privacy Litigation, 138 F. Supp.2d 1272 (C.D.Cal. 2001). The Intuit decision was handed down a mere two weeks after the DoubleClick opinion and does not reference it at all.
II. Facts: the Internet, Cookies, and Action Tags
Although minimal discovery has taken place in this case to date, the facts which are at the core of the three federal claims involve the general technological operation of the Internet, cookies, and action tags, and these are not disputed by the parties. Many of the intricacies of the Internet and cookies have been detailed in other judicial opinions, see Reno v. ACLU, 521 U.S. 844, 117 S.Ct. 2329, 138 L.Ed.2d 874 (1997) (description of the Internet); DoubleClick, 154 F. Supp.2d at 497-504 (description of the Internet, cookies and GIF tags). Nonetheless, a brief summary of how cookies and action tags function is appropriate here.
A. Cookies
Cookies are data files placed on a computer's hard drive by a web site, or more properly the web site's server. Cookies enable much of the information exchange that occurs on the Internet by allowing the interactions between a specific computer and a web server to develop a memory of the communications between the two parties. Many web sites use cookie technology to create a memory of such common activities as a user's login or electronic shopping. (Lipsky Decl. ¶ 15.) Any cookie that is placed on a computer can only be read by the web site that created it or an affiliated site.
When a user directs his computer, through a web browser such as Internet Explorer or Netscape Communicator to a web site like nytimes.com, the user's browser essentially sends a message to the web site's server instructing the server to deliver that nytimes.com's home page to the user's computer for viewing. (Curtin Decl. ¶ 7.) Web sites often have blank spaces for "banner advertisements," and Avenue A serves as an intermediary between the host web site and the advertising web site. Once it receives the initial communication from the user's browser, the web server's programming code directs it to return a communication to the user consisting of two parts: the web page requested and an IP-address link to the Avenue A server. This link then directs the user's computer to send a communication automatically to Avenue A's server. Per the IP-address instruction, the user's computer sends a communication to Avenue A's server identifying the Avenue A-specific cookie on that particular computer. (Curtin Decl. ¶ 12.) The cookie, which can only be read by the web server that placed it on the hard drive, or an affiliated server, contains information identifying the specific computer and often the computer user's previous web viewing history. (Curtin Decl. ¶ 13.) This communication instructs Avenue A's server to send the computer a banner advertisement to fill the blank space on the nytimes.com home page. Avenue A's server analyzes its cookie and sends an advertisement targeted at what it believes to be the user's preferences. (Curtin Decl. ¶ 21.) For example, a person who visits the U.S. Open tennis page might get an advertisement about Spalding tennis equipment. Each time the user's computer accesses a web site affiliated with Avenue A (and subsequently the Avenue A server), the cookie on that computer is updated to incorporate this web page request. Similarly, if the user clicks on the banner advertisement, that information is also recorded in the cookie.
B. Action Tags
Closely related to cookies are action, or GIF, tags, which Plaintiffs refer to as "web bugs." Action tags are extremely small tags placed on web sites. They are invisible to the user viewing the nytimes.com page, yet they record the user's movement throughout the site. Action tags enable Avenue A to learn what information the user sought and viewed, in part to determine if the layout of the web page is facilitating user access and navigation. By monitoring the mouse movements and key strokes of the user, ostensibly communications between the user's computer and the web site, Avenue A is able to update its cookie on the user's hard drive to reflect the user's web viewing habits. ( See Curtin Decl. ¶ 17.)
C. Rerouting through the DoubleClick Server
As discussed above, the programming code on web sites affiliated with Avenue A directs a user's computer to the Avenue A server when the user accesses the web site. This communication directed from the web site to the Avenue A server is relatively straightforward if the web site is affiliated with Avenue A. Plaintiffs in this case, in contrast to DoubleClick, allege that some web sites with no programming code related to Avenue A nonetheless communicate with and receive advertisements from Avenue A's server. (Curtin Decl. ¶ 26.) This is accomplished by using the DoubleClick server as an intermediary to "re-route" the communication from the user's computer to the Avenue A server. ( Id.) Defendant explains this as a result of Avenue A's purchase of advertising space on DoubleClick-affiliated web sites. (Def.'s Reply in Supp. of Summ.J. at 4.)
III. Legal Standard: Summary Judgment and Rule 56(f) Continuance of Summary Judgment
Rule 56 states that a party is entitled to summary judgment "if the pleadings, depositions, answers to interrogatories, and admissions on file, together with the affidavits, if any, show that there is no genuine issue as to any material fact and that the moving party is entitled to a judgment as a matter of law." Fed.R.Civ.P. 56(c). The nonmoving party, if it has the burden of proof at trial, must present evidence sufficient to raise a genuine issue for trial. See Celotex Corp. v. Catrett, 477 U.S. 317, 322, 106 S.Ct. 2548, 91 L.Ed.2d 265 (1986). See also Matsushita Elec. Indus. Co. v. Zenith Radio Corp., 475 U.S. 574, 586-87, 106 S.Ct. 1348, 89 L.Ed.2d 538 (1986); Adickes v. S.H. Kress Co., 398 U.S. 144, 154, 90 S.Ct. 1598, 26 L.Ed.2d 142 (1970). In determining whether an issue of fact exists, all evidence and reasonable inferences must be viewed in the light most favorable to the nonmoving party. See Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 106 S.Ct. 2505, 91 L.Ed.2d 202 (1986).
Rule 56(f) allows the court to guard against premature summary judgment, particularly in complicated factual disputes where there has not been a full opportunity for discovery. See Texas Partners v. Conrock Co., 685 F.2d 1116, 1119 (9th Cir. 1982). The rule grants the trial court broad discretion to hear or defer ruling on an early summary judgment motion. See SEC v. Liberty Capital Group, Inc., 75 F. Supp.2d 1160, 1164 (W.D.Wash. 1999).
The party invoking Rule 56(f) cannot just point to the mere possibility of facts that will support its position. In support of a Rule 56(f) motion the party must submit "affidavits setting forth particular facts expected from the movant's discovery," and must specify how those facts would preclude summary judgment. Mackey v. Pioneer Nat'l Bank, 867 F.2d 520, 523-24 (9th Cir. 1989). Further, the motion should be denied where "it is clear that the evidence sought is almost certainly nonexistent or is the subject of pure speculation." Terrell v. R.D. Brewer, 935 F.2d 1015, 1018 (9th Cir. 1991). The proper inquiry for the trial court is whether it can reasonably conclude the that Rule 56(f) movant has "failed to make a sufficient showing that further discovery would raise a triable issue of fact as to [the issue]." VISA Int'l Serv. Ass'n v. Bankcard Holders of Amer., 784 F.2d 1472, 1475 (9th Cir. 1986).
IV. Plaintiffs' Motion to Strike
As an initial matter, Plaintiffs' have filed a motion to strike certain portions of the Declaration and Supplemental Declaration of Tri Tran, the Director of Privacy Affairs for Avenue A. Plaintiffs argue that the statements are hearsay, the form of the certification is not correct, and that Mr. Tran is not a qualified expert to testify to these matters. Plaintiffs further move to strike specific parts of Defendant's Motion for Summary Judgment because they are assertions made without any admissible support.
While some of the Plaintiffs' assertions are well-founded, particularly those with respect to Mr. Tran's statements about the poll and survey results regarding internet use, a detailed ruling on each of the objectionable statements is not necessary. None of the statements which Plaintiffs move to strike are necessary to the Court's determination of summary judgment for the Defendant. Therefore, Plaintiffs' motion is DENIED as moot. Further, the Court declines to take judicial notice of certain facts in the Tran Declaration, pursuant to Defendant's request.
V. Summary Judgment: Plaintiff's Federal Causes of Action
A. Computer Fraud and Abuse Act
The CFAA prohibits a party from intentionally accessing a protected computer without authorization, "knowingly caus[ing] the transmission of a program, information, code, or command," and as a result caus[ing] damage, 18 U.S.C. § 1030(a)(5)(A), generally causing damage to such a computer, § 1030(a)(5)(B) (C), or accessing and obtaining "information from any protected computer if the conduct involved an interstate or foreign communication," § 1030(a)(2)(C). A person who suffers "damage or loss" from a violation of the section may maintain a civil action. § 1030(g). Critical to Plaintiffs' case is § 1030's definition of "damage":
[T]he term "damage" means any impairment to the integrity or availability of data, a program, a system, or information, that —
(A) causes loss aggregating at least $5,000 in value during any 1-year period to one or more individuals;
(B) modifies or impairs, or potentially modifies or impairs, the medical examination, diagnosis, treatment, or care of one or more individuals;
(C) causes physical injury to any person; or
(D) threatens public health or safety. . . .
18 U.S.C. § 1030(e)(8). Plaintiffs only allege "damage" under § 1030(e)(8)(A), but they also claim to have suffered "cognizable loss, including loss of control over their private information and property rights." (Compl. ¶ 94.)
The CFAA requires that the $5,000 threshold of damage be met in order to state a valid cause of action. Plaintiffs allege damages that exceed this threshold, but their reasoning suffers one significant flaw. The damage amount can be aggregated across both time and individual computers, but it cannot be aggregated across separate acts. By its plain language, the statute uses the singular of "impairment" to limit the damages threshold to a single act or event. See DoubleClick, 154 F. Supp.2d at 523; In re America Online, Inc. Version 5.0 Software Litig., No. 00-1341, 2001 U.S.Dist. LEXIS 6595, at *35 (S.D.Fla. Apr. 19, 2001) ("[D]amage is to be measured as it stems from one act. . . ."). The legislative history of the CFAA further supports this interpretation. See In re America Online, 2001 U.S.Dist. LEXIS 6595, at *36 (quoting S.Rep. 99-474). Plaintiffs' use of Judge Moreno's opinion in In re America Online to support its theory of aggregation is unavailing. In that case, the aggregation theory rejected by the court was that of damage to multiple computers, not damage from multiple acts. See id. at *35-*38. In light of the clear language and intent of the statute to limit the damages calculation to discrete acts, it is necessary to look at the specific "`act' alleged" here. It is undisputed that each time a web page sends a message to a user's computer instructing the computer to communicate the contents of the cookie on the user's hard drive with Avenue A, it is an individual, singular act. Granted, many of these discrete acts transpire in rapid succession when a user views a series of web pages, but each communication between web page and computer involves a separate "access" of the cookie. Plaintiffs have not shown any facts that prove an aggregate damage of over $5,000 for any single act of the Defendant, from either the initial placement of an Avenue A cookie or a subsequent accessing of this cookie.
Although the extent of damages is a factual matter, further discovery under a Rule 56(f) continuance is not warranted. One of the primary factors guiding the district court's discretion to grant a Rule 56(f) continuation and to allow more time for discovery is whether the facts sought to oppose summary judgment are in the exclusive possession or knowledge of the moving party. See Charles A. Wright, Arthur R. Miller and Mary Kay Kane, 10B Federal Practice and Procedure § 2741 (1998). Here, Plaintiffs have complete access to their own computers and facts related to any damage or loss associated with each act of alleged access by Avenue A. Their failure to show specific evidence of aggregate damage over $5,000 for any single act of the Defendant is not surprising, nor does it warrant a delay for more discovery. Unlike a computer hacker's illegal destruction of computer files or transmission of a widespread virus which might cause substantial damage to many computers as the result of a single act, here the transmission of an internet cookie is virtually without economic harm. Plaintiffs present no evidence to contradict this simple fact.
Plaintiffs attempt to circumvent the statute's $5,000 threshold by arguing that "loss," as opposed to "damages," is not subject to that threshold. 18 U.S.C. § 1030(g). The statute is ambiguous on this issue. Subsection 1030(g) states in part: "Any person who suffers damage or loss . . . may maintain a civil action. . . . Damages for violations involving damage as defined by subsection (e)(8)(A) are limited to economic damages." Id. (emphasis added). Plaintiffs' argument has some merit because the section as a whole is inconsistent regarding the interrelationship of "damage" and "loss." The definition of "damage" covers actions that "cause loss aggregating at least $5,000. . . ." § 1030(e)(8)(a) (emphasis added). Although here the statute seems to incorporate loss in the threshold amount for "damage" liability, a fair reading of § 1030(g)'s plain, but ambiguous, language would give the two words independent meaning. See Beisler v. Comm'r of Internal Revenue, 814 F.2d 1304, 1307 (9th Cir. 1987) (en banc) (avoiding interpretation of a statute that renders any part of it superfluous).
Nonetheless, the context of the statute requires an inclusion of "loss" within the $5,000 damages threshold. To read the statute differently would yield the absurd result that any "loss" different from pure economic damages would not be subject to any threshold amount. It is well settled that the plain language should control "except in the rare cases in which the literal application of a statute will produce a result demonstrably at odds with the intention of its drafters." In re Been (Cal. Cent. Trust Bankcorp v. Been), 153 F.3d 1034, 1036 (9th Cir. 1998). Plaintiffs' interpretation of the $5000 threshold contradicts the Congressional intent to punish only the most severe of computer fraud actions. The legislative history, as illuminated in the DoubleClick opinion, makes it utterly clear that Congress added "loss" in 1994 only to encompass remedial costs such as resecuring a computer system that had been compromised without causing any actual damage to the system itself. 2001 WL 303744, at *20-*21 (citing S.Rep. No. 104-357 (1996)). The court went on to quote the Senate Report: "If the loss to the victim meets the required monetary threshold, the conduct should be criminal and the victim should be entitled to relief." Id. (emphasis added). Thus, the legislative history provides a clear answer to the ambiguity created by the statute's plain language. Courts have unanimously adopted this interpretation of the statute. See In re Intuit, 138 F. Supp.2d at 1281; DoubleClick, 2001 WL 303744, at *19-*21.
Because Plaintiffs have not shown any evidence that each alleged act of Defendant has caused them at least $5,000 of damage or loss, judgment as a matter of law is proper on Plaintiffs' claim arising under the Computer Fraud and Abuse Act.
B. The Stored Communications Act
The Stored Communications Act (Title II of the ECPA), 18 U.S.C. § 2701 et seq, prohibits unauthorized access of electronic communications stored on the facilities of certain providers of electronic communication service. It was enacted in 1986 with the primary objective of preventing computer hackers from obtaining or destroying electronic communications that were stored incident to their transmission. See DoubleClick, 2001 WL 303744, at *7 (citing cases). More specifically, the Act provides:
Except as provided in subsection (c) of this section whoever —
(1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or
(2) intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished as provided. . . .18 U.S.C. § 2701(a). Subsection (c) contains the primary exceptions to the act, and encompasses conduct that is authorized "(1) by the person or entity providing a wire or electronic communications service; [or] (2) by a user of that service with respect to a communication of or intended for that user." 18 U.S.C. § 2701(c) (emphasis added).
Plaintiffs raise numerous factual claims regarding whether Plaintiffs' computers are "facilities through which an electronic communication service is provided," whether there is "authorization," or even if Avenue A "accessed" plaintiffs' computers. Many of the facts regarding these elements of the cause of action are in dispute. Although the Act was intended to cover such mid-1980s technological facilities as telephone companies, email servers, and bulletin boards, modern technology has placed the personal computer at a focal point of Internet communications. While both parties agree that Internet service providers are "facilities" covered by the Act, they dispute whether a user's individual computer provides any "electronic communication service." Viewing this factual dispute in the light most favorable to the nonmovant, as is required on summary judgment, it is possible to conclude that modern computers, which serve as a conduit for the web server's communication to Avenue A, are facilities covered under the Act. Although this observation of the disputed facts initially works in Plaintiffs' favor, the subsequent implications of this rather strained interpretation of a "facility through which an electronic communication service is provided" are fatal to their cause of action.
If a user's computer is in fact a "facility" covered under the act, then at minimum the web site is a "user" of that communication service. It naturally follows that any communication between the individual computer and the web site is a communication "of or intended for" that user. See DoubleClick, 154 F. Supp.2d 497, 508, 513. Once it is established that web sites are "users" and the communications allegedly accessed by Avenue A are "of or intended for them," the § 2701(c)(2) exception only requires that the web site "authorize" Avenue A's conduct. Plaintiffs again urge the Court for more time to resolve the factual issue of consent and authorization. They argue that many web sites do not know that Avenue A is accessing their communications or understand the technology that enables Defendant to do so. (Complaint ¶ 69.) This assertion cannot withstand scrutiny. Any web site for which Avenue A provides advertisements must have written the programming code required to direct Plaintiffs' computers to Avenue A's server. Given the technological and commercial relationship between web sites and Avenue A, it is implausible to suggest that any such "access" by Avenue A was not intended or authorized by the web site. In fact, the opposite conclusion is inescapable: the very raison d'etre of Avenue A is to provide web sites with targeted advertising, and it cannot do so without the collaboration and consent of those sites. See DoubleClick, 154 F. Supp.2d at 509 ("Plaintiffs have offered no explanation as to how, in anything other than a purely theoretical sense, the DoubleClick-affiliated Web sites could have played such a central role in the information collection and not have authorized DoubleClick's access.").
Such authorization and consent between Defendant and Avenue A-affiliated web sites is without doubt. This case, however, presents a factual difference from DoubleClick, as Plaintiffs have alleged that Avenue A accesses certain web sites that have no commercial affiliation with Avenue A. In fact, these sites have a commercial relationship with DoubleClick, which allows Avenue A to supply the sites with advertising. (Curtin Decl. ¶ 26.) Even though these web pages may contain no code related to Avenue A, they do contain the basic programming required to route the communication to DoubleClick's server, which in turn "reroutes" it to Avenue A's server. Although this is a significant factual difference from DoubleClick, it leads to the identical legal conclusion. DoubleClick still has the necessary authorization from the web site to escape liability under § 2701(c)(2) and the rerouting is irrelevant after that initial authorization. The statute only addresses the entity that "accesses" the communication, not any party to which the authorized accessor decides to route it, such as Avenue A in this case. Because the web site has in all cases authorized either Avenue A or DoubleClick to access the communication between the computer user and the web site, the § 2701(c)(2) exception applies, and the end result of no liability is the same.
Because the basic facts of Internet operation and web site codes which direct communications to Avenue A are undisputed and are sufficient to resolve this claim, no further discovery under a Rule 56(f) motion is warranted. In sum, web sites are users of the electronic communication service provided, as Plaintiffs allege, by personal computers accessing the Internet, and Avenue A's alleged access of the communications between personal computers and web sites is authorized by the web sites. As a result, the exception to the Stored Communications Act applies to Avenue A and judgment as a matter of law is appropriate.
C. The Wiretap Act
The Wiretap Act (Title 1 of the ECPA), 18 U.S.C. § 2510 et seq., prohibits the intentional interception or any "wire, oral, or electronic communication," 18 U.S.C. § 2511(1)(a). Like The Stored Communications Act, the Wiretap Act provides for exceptions to its proscriptions. The exception relevant to this case states:
It shall not be unlawful under this chapter for a person not acting under color of law to intercept a wire, oral, or electronic communication where such person is a party to the communication or where one of the parties to the communication has given prior consent to such interception unless such communication is intercepted for the purpose of committing any criminal or tortious act in violation of the Constitution or laws of the United States or of any State.18 U.S.C. § 2511(2)(d) (emphasis added). Defendant argues that this exception eliminates all possible liability under the Wiretap Act, and even if it does not, that Avenue A never intercepted the "contents" of the communications or did so in good faith. Because the Court finds that the § 2511(2)(d) exception applies, it is not necessary to address the Defendant's latter two contentions.
The exception requires a party to the communication to consent to the interception and that the interception be without any criminal or tortious purpose. The first requirement is satisfied by reasoning identical to the "authorization" issue under the exception to the Stored Communications Act. See DoubleClick, 154 F. Supp.2d at 514 (analyzing the Stored Communications Act and the Wiretap Act and finding no difference between the terms "user" and "party to the communication" or between "authorize" and "consent"). One-party consent is sufficient to negate liability under the consent prong of the Wiretap Act's exception. See United States v. Caceres, 440 U.S. 741, 750, 99 S.Ct. 1465, 59 L.Ed.2d 733 (1979). It is implicit in the web pages' code instructing the user's computer to contact Avenue A, either directly or via DoubleClick's server, that the web pages have consented to Avenue A's interception of the communication between them and the individual user.
Whether Avenue A allegedly intercepted these communications with a tortious purpose is another matter. Under Ninth Circuit law, even a legitimate purpose does not alone sanitize an interception that was also made for an illegitimate purpose. See Sussman v. ABC, 186 F.3d 1200, 1202 (9th Cir. 1999). The Sussman court also highlighted the difference between tortious "purpose" and "means," emphasizing that the statute only prohibits the former: "Where the purpose is not illegal or tortious, but the means are, the victims must seek redress elsewhere." Id. at 1202-03. See also DoubleClick, 154 F. Supp.2d at 515 (citing agreement of other circuits). Further clarifying the requisite showing of tortious or criminal purpose, it is necessary that such purpose must be either the "primary motivation" or the "determinative factor in the actor's motivation for intercepting" the communication. DoubleClick, at 514 (quoting United States v. Dale, 991 F.2d 819, 841 (D.C. Cir. 1993)).
The fact that any such information would be exclusively in the Defendant's possession is the strongest argument in support of Plaintiffs' request for a Rule 56(f) continuance for more discovery. Nonetheless, this Court finds that Plaintiffs have pointed to no specific evidence in Defendant's possession that would reveal a tortious or illegal purpose of the alleged interception. Keeping in mind that liability would only be possible if the tortious purpose were the primary motivation or determinative factor in Avenue A's actions, it is merely speculative that further discovery will uncover evidence supporting such a purpose. Even if Plaintiffs are ultimately successful in showing that Avenue A's actions were themselves tortious under state law, this will not suffice to show that its purpose was illegal or tortious. See Sussman, 186 F.3d at 1202-03. Here, the Court finds that Plaintiffs have failed to make a sufficient showing that further discovery would raise a triable issue. See VISA, 784 F.2d at 1475. It is simply implausible that the entire business plan of one of the country's largest Internet media companies would be "primar[ily] motivated" by a tortious or criminal purpose. Further discovery would only confirm this inevitable conclusion. Because the undisputed facts show that the web pages have consented, and it is merely speculative that further discovery will reveal a tortious purpose behind Avenue A's technological and commercial modus operandi, the § 2511(2)(d) exception to the Wiretap Act is applicable and judgment as a matter of law for the Defendant on this claim is proper.
VI. State Claims and Class Certification
In addition to the three federal claims discussed above, Defendant has made an argument against the state law claims based on the commerce clause. Because the Court is dismissing all three federal causes of action, it is not necessary to address the state law claims. District courts are granted broad discretion to exercise supplemental jurisdiction under 28 U.S.C. § 1367(c). This Court finds that once the three federal claims are dismissed, novel and complex issues of state law predominate. Further, Plaintiffs' only claim of original federal jurisdiction was based on its three federal causes of action, all of which have been dismissed. Therefore, the Court declines to exercise supplemental jurisdiction over Plaintiffs' remaining state claims, and they are dismissed as well.
Plaintiffs' Motion for Class Certification, after all claims have been dismissed, is moot.
VII. Conclusion
For the reasons stated above, Defendant's Motion for Summary Judgment (Dkt. Nos. 23 33) is GRANTED. Plaintiffs Motion to Strike (Dkt. No. 45) is DENIED as moot. Finally, Plaintiffs Motion for Class Certification (Dkt. No. 13) is DENIED as moot.
The Clerk is directed to enter judgment accordingly.