Opinion
2:18-cv-06975-ODW (KSx)
03-28-2023
MICHAEL TERPIN, Plaintiff, v. AT&T MOBILITY, LLC et al., Defendants.
ORDER GRANTING DEFENDANT'S MOTION FOR SUMMARY JUDGMENT [167] [168]; AND DENYING EX PARTE APPLICATION AS MOOT [239] UNDER SEAL
OTIS D. WRIGHT, II UNITED STATES DISTRICT JUDGE
I. INTRODUCTION
Plaintiff Michael Terpin initiated this action against AT&T Mobility, LLC for its alleged role in Terpin's loss of $24 million in cryptocurrency. AT&T moves for summary judgment on Terpin's remaining claims for negligence, unauthorized disclosure in violation of the Federal Communications Act (“FCA”), breach of contract, and declaratory relief. (Mot. Summ. J. (“Mot.” or “Motion”), ECF Nos. 167 (sealed), 168 (redacted).) The Motion is fully briefed. (See Opp'n, ECF Nos. 232 (redacted), 233 (sealed); Reply, ECF No. 197.) For the reasons that follow, the Court GRANTS AT&T's Motion.
Having carefully considered the papers filed in connection with the Motion, the Court deemed the matter appropriate for decision without oral argument. Fed.R.Civ.P. 78; C.D. Cal. L.R. 7-15.
II. BACKGROUND
As it must on a motion for summary judgment, the Court sets forth the material facts, some of which are disputed, and views all reasonable inferences to be drawn from them in the light most favorable to Terpin, the non-moving party. Scott v. Harris, 550 U.S. 372, 378 (2007).
A. Useful Basics
This case involves “SIM swaps” and “cryptocurrency wallets,” subjects on which many may lack familiarity. The parties oblige with the following undisputed and useful basics.
1. SIM Swap
Cellular phones, tablets, and other mobile devices utilize an integrated microchip called a subscriber identity module (“SIM”); this SIM enables the device to authenticate to its wireless network. (Def.'s Statement Uncontroverted Facts (“SUF”) 1, ECF No. 167-2.) The wireless network uses SIM identification information to associate the specific device with a phone number, in order to route communications and associate wireless services with a specific customer account. (SUF 2.) A “SIM swap” occurs when a phone number associated with one SIM becomes associated with a different SIM; no information contained on the previous SIM is transferred to the new SIM, other than the phone number. (SUF 3.)
2. Cryptocurrency
A cryptocurrency wallet is an application that holds the private keys necessary to access or transact cryptocurrency. (SUF 4.) Wallets do not physically hold cryptocurrency, but rather hold only the private keys required to transact with a given wallet address. (SUF 5.) Wallets can be accessed remotely only when the user inputs the appropriate access credentials. (SUF 6.) A SIM swap cannot result in a loss of cryptocurrency using remote electronic means unless the access credentials to the relevant wallet are available in an internet-accessible location, i.e., online. (SUF 8.)
B. Terpin's AT&T Wireless Service
Terpin has used his 310 phone number since 1996. (SUF 9.) The 310 number was published online prior to the events that form the basis for Terpin's claims in this action. (SUF 12, 13.) By at least 2011, Terpin contracted with AT&T for wireless services relating to the 310 number (“Wireless Customer Agreement” or “WCA”). (SUF 10.)
AT&T's WCA incorporates its Privacy Policy and terms of service. (SUF 14.) Under the WCA, AT&T was obligated to provide Terpin “mobile telephone services,” which included the ability to make phone calls, send and receive messages and emails, access the internet, and use a variety of applications. (SUF 15.) AT&T's liability under the WCA is limited, as the WCA excludes “indirect, special, punitive, incidental or consequential losses or damages [the customer] or any third party may suffer by use of” the services and software AT&T provides. (SUF 16.) In the Privacy Policy, AT&T explains how customer confidential information is defined and protected, and specifically defines customer proprietary network information (“CPNI”) as information about a customer's phone service, like “what kind of services [they] have, how [they] use the[] [services], or billing information.” (SUF 17.) The Privacy Policy expressly excludes from the definition of CPNI a customer's telephone number, name, and address. (Id.)
In 2013, Terpin began investing in cryptocurrency. (SUF 7.) In June 2017, Terpin's 310 number was SIM swapped. (Pl.'s Statement Genuine Disputes (“SGD”) 11, ECF No. 233-5; Pl.'s Statement Additional Material Facts (“AMF”) 33, ECF No. 233-5.) The June 2017 SIM swap itself is not at issue in this case, but Terpin contends that he informed an AT&T representative at that time that he lost cryptocurrency in the June 2017 SIM swap. (SGD 11; AMF 33.) AT&T disputes that Terpin informed AT&T prior to January 2018 that Terpin held cryptocurrency. (Resp. AMF 33, ECF Nos. 227 (sealed), 230 (redacted).)
In violation of the Court's Case Management Order, Terpin does not number his additional material facts sequentially to follow AT&T's statement of uncontroverted facts. (See Scheduling and Case Management Order (“Scheduling Order”) 7, ECF No. 53.) Terpin's noncompliance creates unnecessary confusion with respect to the factual statements. Accordingly, for clarity, the Court.
After June 2017, AT&T changed the security level on Terpin's account from “Standard” to “Extra,” and added a special instruction that representatives should not validate the account absent a new passcode. (AMF 36, 37.)
The Court SUSTAINS AT&T's objections to AMF 34 and 35, concerning “statements made by an alleged employee to Terpin.” (Def.'s Evid. Objs., ECF Nos. 228 (sealed), 231 (redacted).) Such statements are inadmissible hearsay, the contents of which Terpin is unable to offer in an admissible form at trial. Cf. Fraser v. Goodale, 342 F.3d 1032, 1036 (9th Cir. 2003) (“At the summary judgment stage, we . . . focus on the admissibility of [the evidence's] contents.”). The statements are also immaterial to resolution of this Motion. See infra Section V.C.
C. January 2018 SIM Swap and Cryptocurrency Theft
In January 2018, Terpin's 310 number was again SIM swapped; thieves stole approximately $24 million of Terpin's cryptocurrency. (PAMF 135, 164, valuation disputed by Resp. AMF 164; Decl. Jeremy S. Ochsenbein ISO Mot. (“Ochsenbein Decl.”) ¶ 3, Ex. A (“Terpin Dep.”) 347:1-7, ECF No. 167-1.)
On January 7, 2018, non-party Jahmil Smith was employed by Spring Communications, an AT&T authorized retailer. (AMF 86-89.) Non-party Ellis Pinsky was aware that Terpin invested in cryptocurrency, he knew Terpin's 310 number, and he bribed Smith to SIM swap Terpin's 310 number to another phone that Pinsky controlled. (SUF 13, 37-39, 41; AMF 155, 157-59.) Pinsky knew that Terpin did not use Two Factor Authentication (“2FA”) on his Gmail account, so Pinsky and his associates reset the password for that account and were then able to access various of Terpin's other online accounts, including his Microsoft OneDrive. (SUF 40, 42, 43; AMF 161-63.) In Terpin's OneDrive online file storage, Pinsky discovered a trash file; in the trash file, he discovered a document; in the document, he cites Terpin's Statement of Genuine Disputes, “SGD,” and Additional Material Facts, “AMF” separately, despite their location in the same document. (See ECF No. 233-5.) discovered Terpin's cryptocurrency access credentials. (SUF 43; AMF 162, 164.) Using those credentials, Pinsky accessed Terpin's cryptocurrency wallets and stole his cryptocurrency. (AMF 164; Ochsenbein Decl. ¶ 13, Ex. K (“Pinsky Dep.”) 243:9-21, 246:19-247:3, ECF No. 167-1.)
Terpin contends that he did not knowingly store access credentials for any cryptocurrency wallets online. (SUF 18.) Rather, his practice was to store certain cryptocurrency access credentials in a password-protected file on flash drives kept in secure locations. (SUF 19.) When he wanted to access his cryptocurrency, he would:
(1) insert the flash drive containing his access credentials into his computer, (2) open up the file containing the credentials, (3) open up a separate Word document, (4) paste the credentials he wanted to access into the separate document, and (5) then copy and paste the credentials from the separate document to the wallet.(SUF 20.) It is unnecessary to paste the access credentials into a separate document because the credentials could be pasted directly into the cryptocurrency wallet application. (SUF 21.)
Some time prior to the January 2018 SIM swap, Terpin followed the above steps to access his cryptocurrency wallets at issue in this case. (SUF 23.) Although Terpin does not use Microsoft OneDrive, the program is installed on his computer. (SUF 24.) Terpin testified that OneDrive automatically saved a version of the copy-paste document with the access credentials in a trash folder. (SUF 24.) Terpin had installed Microsoft Authenticator, a 2FA program that normally prevents access to Microsoft accounts via SIM swaps, but Terpin knew his installation of Authenticator regularly malfunctioned. (SUF 30-32.) Terpin had linked his 310 number to his Microsoft OneDrive account as part of the initial set up of the Microsoft account, so when Authenticator malfunctioned again on January 7, 2018, Pinsky and his associates were able to access Terpin's Microsoft account through the 310 number. (SUF 27, 31.)
Prior to the January 2018 SIM swap, AT&T was not aware that Terpin had linked any accounts to his 310 number. (SUF 28.)
D. Related Litigation
Terpin sued non-parties Pinsky and Nicholas Truglia, Pinsky's associate, for their roles in the theft of Terpin's cryptocurrency. (See Ochsenbein Decl. Exs. H, I.) In April 2019, a California court awarded Terpin more than $75 million against Truglia in a default judgment. (Ochsenbein Decl. Ex. H (Notice Entry J., Terpin v. Truglia, No. 18STCV09875 (Cal. Super. Ct. April 30, 2019)), ECF No. 167-1.) In October 2022, Pinsky agreed to a New York-court-ordered judgment awarding Terpin $22 million against Pinsky. (Ochsenbein Decl. Ex. I (Stip. & Consent J., Terpin v. Pinsky, No. 20-cv-3557 (CS) (AEK) (S.D.N.Y. Oct. 14, 2022)).) Truglia was also prosecuted criminally for his role in the theft. (See Ochsenbein Ex. B (Terpin Suppl. Resps. Special Interrogs.) No. 5, 14:14, ECF No. 167-1.)
E. This Litigation
On August 15, 2018, Terpin filed this action against AT&T, seeking to recover $24 million, among other damages. (Compl., ECF No. 1.) After several motions to dismiss, Terpin's remaining claims are for negligence; negligent supervision and training; negligent hiring; violation of FCA; breach of contract (Privacy Policy), and declaratory relief. (See Order First Mot. Dismiss, ECF No. 29; Order Second Mot. Dismiss, ECF No. 37; Order Third Mot. Dismiss, ECF No. 49; Second Am. Compl. (“SAC”), ECF No. 42.) AT&T now moves for summary judgment on all claims.
III. LEGAL STANDARD
A court “shall grant summary judgment if the movant shows that there is no genuine dispute as to any material fact and the movant is entitled to judgment as a matter of law.” Fed.R.Civ.P. 56(a). The burden of establishing the absence of a genuine issue of material fact lies with the moving party, see Celotex Corp. v. Catrett, 477 U.S. 317, 322-23 (1986), and the court must view the facts and draw reasonable inferences in the light most favorable to the nonmoving party, Scott, 550 U.S. at 378.
Once the moving party satisfies its burden, the nonmoving party cannot simply rest on the pleadings or argue that any disagreement or “metaphysical doubt” about a material issue of fact precludes summary judgment. See Celotex, 477 U.S. at 322-23; Matsushita Elec. Indus. v. Zenith Radio Corp., 475 U.S. 574, 586 (1986); Cal. Architectural Bldg. Prods., Inc. v. Franciscan Ceramics, Inc., 818 F.2d 1466, 1468 (9th Cir. 1987). A “non-moving party must show that there are ‘genuine factual issues that properly can be resolved only by a finder of fact because they may reasonably be resolved in favor of either party.'” Cal. Architectural Bldg. Prods., 818 F.2d at 1468 (quoting Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 250 (1986)).
“[I]f the factual context makes the non-moving party's claim implausible, that party must come forward with more persuasive evidence than would otherwise be necessary to show that there is a genuine issue for trial.” Id. (emphasis omitted) (citing Matsushita, 475 U.S. at 586-87). Moreover, though the Court may not weigh conflicting evidence or make credibility determinations, there must be more than a mere scintilla of contradictory evidence to survive summary judgment. Anderson, 477 U.S. at 255; Addisu v. Fred Meyer, Inc., 198 F.3d 1130, 1134 (9th Cir. 2000). The court should grant summary judgment against a party who fails to demonstrate facts sufficient to establish an element essential to his case when that party will ultimately bear the burden of proof at trial. See Celotex, 477 U.S. at 322.
Pursuant to the Local Rules, “the Court may assume that the material facts as claimed and adequately supported by the moving party are admitted to exist without controversy except to the extent that such material facts are (a) included in the ‘Statement of Genuine Disputes' and (b) controverted by declaration or other written evidence filed in opposition to the motion.” C.D. Cal. L.R. 56-3.
IV. OBJECTIONS
AT&T objects to various items of Terpin's opposition evidence and additional facts. (See Def.'s Evid. Objs.) Much of the material to which AT&T objects is unnecessary to the resolution of the summary judgment motion and the Court need not resolve those objections. For similar reasons, relevance- and foundation-based objections are moot in the context of summary judgment motions. Burch v. Regents of Univ. of Cal., 433 F.Supp.2d 1110, 1119 (E.D. Cal. 2006). Moreover, the Court does not consider Terpin's improper argument and legal conclusions offered in his statements of fact and dispute, (see Scheduling Order 7-9), so AT&T's objections on that basis are moot. Finally, to the extent the Court relies on objected-to evidence in this order without further discussion, those objections are overruled. See Burch, 433 F.Supp.2d at 1122 (proceeding with only necessary rulings on evidentiary objections).
The Court must digress to contend with Terpin's flagrant disregard for the Court's orders with respect to summary judgment motions. Specifically, the Court's Scheduling Order provides that “identifying additional facts in opposition to the motion without any reasonable basis for believing that the additional facts will materially affect the outcome of the motion” “shall be grounds for sanctions under Federal Rule of Civil Procedure 11 .” (Scheduling Order 7 (emphasis in original).) Terpin ignores this emphatic warning and identifies 172 additional facts- many of which are not facts but legal conclusions or argument-yet Terpin directly relies on only 24 of these in his opposing argument. (Compare AMF 1-172, with Opp'n 10-22.) As Terpin apparently deems only 24 additional facts to be material, the Court limits its review of Terpin's additional facts correspondingly. See Carmen v. S.F. Unified School Dist., 237 F.3d 1026, 1029 (9th Cir. 2001) (“[A] district court is not required to comb the record to find some reason to deny a motion for summary judgment.” (internal quotation marks omitted).)
V. DISCUSSION
AT&T moves for summary judgment on Terpin's claims for negligence, negligent training and supervision, negligent hiring, unauthorized disclosure under the FCA, breach of the Privacy Policy, and declaratory relief. AT&T contends no genuine dispute of material fact exists and it is entitled to judgment as a matter of law because: (A) the negligence claims are barred by the economic loss doctrine; (B) the FCA claim fails because there is no evidence that confidential information was improperly disclosed; (C) the breach of contract claim fails because Terpin may not recover consequential damages; (D) all claims fail because the chain of causation between AT&T's conduct and Terpin's harm is too attenuated to be a proximate cause of Terpin's alleged loss; and (E) the declaratory relief claim is moot. (Mot. 1-2.) A. Negligence-Economic Loss Doctrine
AT&T moves for summary judgment on Terpin's negligence-based claims, (SAC ¶¶ 166-204), arguing that these claims are barred by the economic loss doctrine as recently clarified by the California Supreme Court in Sheen v. Wells Fargo, N.A., 12 Cal. 5th 905, 923 (2022), (Mot. 1, 9-10).
Under California law, the “economic loss doctrine” generally bars “recovery in tort for negligently inflicted ‘purely economic losses,' meaning financial harm unaccompanied by physical or property damage.” Moore v. Centrelake Med. Grp., Inc., 83 Cal.App. 5th 515, 534-35 (2022), review denied (Dec. 14, 2022) (quoting Sheen, 12 Cal. 5th at 922). The California Supreme Court recognized an exception to the rule, in Biakanja v. Irving, 49 Cal. 2d 647, 650 (1958) and J'Aire Corp. v. Gregory, 24 Cal.3d 799, 804 (1979), under which the doctrine does not prevent recovery in tort if a plaintiff establishes, through several factors, that a “special relationship” exists between the plaintiff and the defendant. See J'Aire, 24 Cal.3d at 804 (citing Biakanja, 49 Cal. 2d at 650). circumstances, there is no need to analyze the Biakanja special-relationship factors.”). In light of the California Supreme Court's intervening opinion in Sheen, the Court finds it appropriate to revisit the issue of whether the economic loss doctrine bars Terpin's negligence-based claims.
It is undisputed that Terpin and AT&T are in contractual privity. (SUF 10.) The parties dispute only whether Terpin's negligence claims arise “independent of the contract.” (Mot. 10; Opp'n 10-12.) AT&T argues Terpin's claims that AT&T “negligently provid[ed] third parties access to Terpin's telephone number” are “clearly related to the parties' contractual relationship” concerning the provision and safeguarding of wireless services. (Mot. 10.) In opposition, Terpin abandons his earlier special relationship argument and now contends that his negligence claims are independent of the contractual relationship because they arise from “a statutory obligation under the FCA to preserve the privacy of customers' calls.” (Opp'n 10.) Comparing the undisputed facts here to the circumstances in Sheen and cases that followed, the Court finds that AT&T now has the better side of the law.
Terpin's reliance on the 2015 “FCC Consent Decree” for this independent duty is unavailing. (Opp'n 11; see also Reply 2 n.1 (noting the consent decree's limited relevance, as it did not involve SIM swaps or cryptocurrency).) Terpin's additional facts regarding the consent decree constitute improper legal conclusions and argument and are disregarded accordingly. (Scheduling Order 7-9.) AT&T's evidentiary objections to the consent decree are SUSTAINED.
In Sheen, the court found that the economic loss rule barred Sheen's negligence claim against Wells Fargo based on a duty of care to process and respond to Sheen's loan modification applications. 12 Cal. 5th at 914-15, 933, 942. Sheen and Wells Fargo had a contract for Sheen's first residential mortgage, which specified the rights and obligations to which the parties had agreed, including Wells Fargo's right to foreclose in the event of Sheen's default. Id. at 924. The court noted that the parties did not agree that, before Wells Fargo could exercise that contractual right, it was obligated to process and respond to Sheen's modification applications, the duty which Sheen asserted. Id. Because Sheen's negligence claim was “based on an asserted duty that [wa]s contrary to the rights and obligations clearly expressed in the loan contract,” the court concluded that Sheen's negligence claim was “not independent of the original mortgage contract.” Id. at 925.
Applying Sheen here, the economic loss doctrine bars Terpin's negligence claims against AT&T, which are based on a duty of care to safeguard Terpin's personal information, and a duty of care to hire, train, and supervise employees to do the same. Terpin and AT&T have a contract, the WCA, which specifies the rights and obligations to which they have agreed with respect to AT&T's provision of Terpin's wireless service. (SUF 14.) The WCA expressly limits AT&T's liability for indirect losses or damages suffered by the use of covered devices and services. (Ochsenbein Decl. Ex. C (“WCA”) § 4.1, ECF No. 167-1.) The WCA also incorporates the Privacy Policy, which specifies the parties' rights and obligations concerning (1) Terpin's use of AT&T products and services, and (2) AT&T's practices regarding the information it collects from Terpin. (Ochsenbein Decl. Ex. D (“Privacy Policy”) 1, 4, ECF No. 167-1.) The Privacy Policy expressly cautions that “no security measures are perfect, and [AT&T] cannot guarantee that your Personal Information will never be disclosed in a manner inconsistent with this Policy (for example, as the result of unauthorized acts by third parties that violate the law or this Policy).” (Id. at 12.) These were the terms of the parties' agreement. namely, for indirect losses resulting from Terpin's use of the 310 number for his Microsoft account. The proposed duty also directly contradicts the Privacy Policy's plain language: that AT&T “cannot guarantee” Terpin's personal information would never be disclosed inconsistent with the Policy or the law. Thus, just as in Sheen, Terpin's negligence claims here are “based on an asserted duty that is contrary to the rights and obligations clearly expressed” in parties' contract. Id. As such, under Sheen, Terpin's negligence claims are not independent of the contract.
This result obtains equally in the present context of safeguarding personal information as it did when compared to the mortgage contracts in Sheen. See Moore, 83 Cal.App. 5th at 535. In Moore, the plaintiffs and defendant entered into contracts, including a privacy policy in which the defendant promised to maintain adequate data security practices to protect plaintiffs' personal information (“PII”). Id. at 519. After hackers breached the defendants' data security and stole the plaintiffs' PII, the plaintiffs asserted a negligence claim against the defendant. Id. Applying Sheen, the California Court of Appeal in Moore affirmed that the economic loss doctrine barred the plaintiffs' negligence claim because the parties were in direct contractual privity and the plaintiffs failed to show their claim was independent of their contracts. Id. at 535 (“[Plaintiffs] provided their PII to [defendant] pursuant to the contracts establishing their . . . relationships, and [plaintiffs'] asserted injuries arose from [defendants] failure to provide data security allegedly promised in their contracts.”). Similarly here, Terpin and AT&T are in direct contractual privity, Terpin received wireless service and provided his personal information to AT&T pursuant to the contract, and Terpin claims his injuries arise from AT&T's alleged failure to safeguard his personal information. Thus, Moore further confirms that Terpin's negligence-based claims are not independent of the WCA, and are barred by the economic loss doctrine. AT&T's duty to protect customer information under the FCA is “complementary to the WCA.” (Id.) But AT&T is in possession of Terpin's customer information only as a result of its contractual relationship with Terpin. (See Reply 2-3.) These facts, that the duty is complementary and that AT&T has the information purely as a result of the WCA, further support the understanding that the asserted duty to safeguard Terpin's personal information is not “independent of the contract.” Moreover, the FCA provides a federal cause of action, which Terpin has invoked in this case; Terpin offers no basis to infer that he may circumvent Congress's carefully crafted statutory scheme by bootstrapping that cause of action into an undefined expansion of tort law. See Sheen, 12 Cal. 5th at 936 (rejecting Sheen's argument to bypass the economic loss rule as “a potentially enormous expansion of tort law,” with “no apparent endpoint”); see also id. at 933 (“To recognize a duty of this indefiniteness and breadth seems out of step with our previous exceptions to the contractual economic loss rule, which permit much more cabined relief to ensure . . . contracting parties get what they have contracted for.”).
Nor is the Court persuaded by Terpin's assertion that the economic loss doctrine does not apply because “the WCA is a classic contract of adhesion.” (Opp'n 11.) Terpin does not elaborate on this statement and does not raise a triable issue on the subject. (See id.) The Court declines to develop Terpin's argument for him. See Ventress v. Japan Airlines, 747 F.3d 716, 723 n.8 (9th Cir. 2014).
The parties are “in contractual privity and [Terpin's] claim is not independent of the contract.” Id. at 942 (internal quotation marks omitted). The special relationship factors are thus inapplicable, id., and the economic loss doctrine bars Terpin's negligence claims as a matter of law, id. at 923-25; Moore, 83 Cal.App. 5th at 535. AT&T is therefore entitled to summary judgment on Terpin's negligence, negligent training and supervision, and negligent hiring causes of action.
B. FCA-Confidential Proprietary Information
Terpin asserts a cause of action under the FCA for unauthorized disclosure of his CPNI and proprietary network information, in violation of 47 U.S.C. § 222. (SAC ¶¶ 133-41.) AT&T moves for summary judgment, arguing Terpin can offer no evidence that information protected under section 222 was disclosed. (Mot. 11-12.)
Section 222 requires a telecommunications carrier to protect the confidentiality of its customers' proprietary information. See 47 U.S.C. § 222(a). The FCA proscribes disclosure of certain types of customer information, including “individually identifiable [CPNI]” that a provider “receives or obtains . . . by virtue of its provision of a telecommunications service.” Id. § 222(c)(1). CPNI is “information that relates to the quantity, technical configuration, type, destination, location and amount of use of a telecommunications service” and information contained in the customer's phone bills. Id. § 222(h)(1). Section 222 also requires a telecommunications carrier to protect “the confidentiality of proprietary information of, and relating to other telecommunication carriers, equipment manufacturers, and customers,” id. § 222(a), and “was principally intended to protect consumer's privacy interests,” ICG Commc'ns, Inc. v. Allegiance Telecomm, 211 F.R.D. 610, 612 (N.D. Cal. 2002).
Here, the evidence establishes that the SIM swap itself disclosed only access to the 310 number, and only on a going forward basis. The 310 number was not confidential or private, as it was published in press releases online before the events at issue here. (SUF 12.) Pinsky testified that he already knew the 310 number and the SIM swap gave him access to that number only going forward. (SUF 13, 35; Pinsky Dep. 234:18-235:5.) Pinky did not gain any information about Terpin's previous calls or wireless service usage. (Pinsky Dep. 236:1-8; SUF 3.) Thus, the undisputed facts and evidence establish that the SIM swap itself did not disclose CPNI or confidential proprietary information under the FCA. “location” information by sending messages to that number. (Id.) First, the SIM swap itself did not disclose Terpin's online account information; rather, Pinsky undertook many additional steps, beyond the mere access to the 310 number, to obtain that information. (See SUF 40, 42, 43; AMF 160-64.) Second, Terpin offers no evidence that suggests the thieves ever learned the “technical configuration” or “destination” and “location” of Terpin's wireless service information. The SIM swap associated Terpin's 310 number to a phone in Pinsky's control; it did not reveal the details of Terpin's phone bill, user agreement, technical service specifications, call history, data usage, or any other confidential, proprietary information.
Finally, Terpin half-heartedly suggests that Smith “saw the details of Terpin's account information while . . . processing the SIM swap,” and this constitutes unauthorized disclosure of his confidential information. (Opp'n 13.) Terpin offers no evidence in support of this statement. (See id.; Reply 5.) Further, Terpin points to no evidence which suggests what Smith did, or did not, see during that transaction. (See Opp'n 13.) Terpin is required at the summary judgment stage to produce evidence of a triable issue. Celotex, 477 U.S. at 322-23. Absent any evidence regarding what information was revealed during the SIM swap, no jury could reasonably infer that Terpin's protected information was disclosed to Smith in violation of the FCA. Nat'l Steel Corp. v. Golden Eagle Ins. Co., 121 F.3d 496, 502 (9th Cir. 1997) (“Conclusory allegations . . . without factual support, are insufficient to defeat summary judgment.”).
The undisputed facts establish that the SIM swap did not disclose any information that is protected under 47 U.S.C. § 222, and Terpin fails to raise a triable issue on this claim. Accordingly, AT&T is entitled to judgment as a matter of law on Terpin's FCA cause of action.
C. Breach of Contract-Consequential Damages AT&T breached by failing to protect his personal information, (id. ¶¶ 207, 209), causing Terpin to suffer damages including $24 million in stolen cryptocurrency, (id. ¶ 210). AT&T moves for summary judgment on this cause of action on the grounds that, “even if Terpin could prove a breach, the damages he seeks are barred by both California law and the terms of the WCA.” (Mot. 14 (emphasis omitted).)
To establish a cause of action for breach of contract, a plaintiff must demonstrate that he was damaged by defendant's breach of the agreement. Oasis W. Realty, LLC v. Goldman, 51 Cal.4th 811, 821 (2011) (stating elements). Contract damages are equivalent to the benefit of the contractual bargain. Lewis Jorge Constr. Mgmt., Inc. v. Pomona Unified Sch. Dist., 34 Cal.4th 960, 967-68 (2004); Cal. Civ. Code. § 3558 (providing that an injured party's damages cannot exceed what it would have received if the contract had been fully performed). They may manifest as “general damages (sometimes called direct damages) [or] special damages (sometimes called consequential damages).” Lewis Jorge, 34 Cal.4th at 968. AT&T contends, and Terpin does not dispute, that his claimed contract damages are “special” or “consequential” damages, because they do not “flow directly and necessarily from a breach of contract.” (Mot. 14; see generally Opp'n 15-18.)
“Special damages are recoverable if the special or particular circumstances from which they arise were actually communicated to or known by the breaching party (a subjective test) or were matters of which the breaching party should have been aware at the time of contracting (an objective test).” Lewis Jorge, 34 Cal.4th at 968-69. “Parties may voluntarily assume the risk of liability for unusual losses, but to do so they must be told, at the time the contract is made, of any special harm likely to result from a breach.” Id. at 970 (emphasis added). “Alternatively, the nature of the contract or the circumstances in which it is made may compel the inference that the defendant should have contemplated the fact that such a loss would be ‘the probable result' of the defendant's breach.” Id. (emphasis added).
Here, the undisputed facts establish as a matter of law that Terpin cannot recover the damages he seeks for the alleged breach of the Privacy Policy. There is no dispute that Terpin entered the WCA with AT&T by at least 2011. (SUF 10.) There is also no dispute that Terpin did not begin investing in cryptocurrency until 2013. (SUF 7.) AT&T contends Terpin never informed it of his cryptocurrency investments before January 2018, (Resp. AMF 33), but Terpin claims he advised AT&T that he invested in cryptocurrency by June 2017, (SGD 11; AMF 33). Regardless, viewing this dispute in Terpin's favor, AT&T could not have voluntarily assumed the risk or foreseen the potential of Terpin's cryptocurrency loss in 2011, “at the time the contract [was] made.” See Lewis Jorge, 34 Cal.4th at 970; Sun-Maid Raisin Growers v. Victor Packing Co., 146 Cal.App.3d 787, 790 (1983) (providing that foreseeability of consequential damages is generally a question for a jury, “unless it can be ruled on as a matter of law”). Simply put, Terpin's cryptocurrency loss was beyond the parties' expectations at the time they entered the contract. See Lewis Jorge, 34 Cal.4th at 970 (“Not recoverable as special damages are those ‘beyond the expectations of the parties.'”).
Terpin argues his breach of contract claim encompasses “not only the WCA contract of adhesion,” but also AT&T's 2017 unwritten promise of “extra security.” (Opp'n 15.) As the Court has noted above, Terpin does not support his passing references to the WCA as a “contract of adhesion” or otherwise raise a question about whether its terms are enforceable. See Food Safety Net Servs. v. Eco Safe Sys. USA, Inc., 209 Cal.App.4th 1118, 1127-28 (2012) (finding terms of agreement governed where the plaintiff identified no evidence that the terms were the product of unequal bargaining power or against public policy); see also Ventress, 747 F.3d at 723 n.8 (declining to address undeveloped argument). As for the promise of “extra security,” Terpin did not allege an oral modification to the contract, (see SAC ¶¶ 205-11), and therefore any such oral promise is not properly before the Court as to the question of summary judgment on the breach of contract claim, see Wasco Prods., Inc. v. Southwall Techs., Inc., 435 F.3d 989, 992 (9th Cir. 2006) (rejecting new allegations raised for the first time in opposition to summary judgment motion because “[t]he necessary factual averments are required with respect to each material element of the underlying legal theory”).
Additionally, the WCA includes a limitation of liability, expressly excluding special or consequential damages. (SUF 16; WCA § 4.1.) Such clauses are generally deemed viable. See, e.g., Food Safety Net Servs., 209 Cal.App.4th at 1126 (“Clauses of this type have long been recognized as valid in California.” (internal quotation marks omitted)). That this limitation is expressly included in the contract at issue further demonstrates that AT&T did not voluntarily assume or contemplate the type of damages that Terpin seeks here. Terpin's response to this limitation of liability, that AT&T cannot “exculpate itself from gross negligence or statutory violations,” (Opp'n 17), does not bear on the present issue, which is whether AT&T may limit its liability for breach of contract.
Terpin fails to raise a triable issue that, when the contract was formed, AT&T reasonably contemplated a breach of the Privacy Policy could possibly lead to a $24 million cryptocurrency loss. The Court agrees with AT&T that Terpin may not “transform a standard contract for wireless telephone service into an uber-insurance policy to protect $24 million in cryptocurrency assets about which AT&T had no knowledge.” (Mot. 14.) As Terpin cannot recover the consequential damages he seeks under a contract breach theory, AT&T is entitled to judgment as a matter of law on Terpin's breach of contract cause of action.
D. All Claims-Proximate Causation
AT&T also moves for summary judgment on all causes of action on the grounds that the chain of causation between AT&T's conduct and Terpin's harm is too attenuated to be a proximate cause of Terpin's alleged loss. (Mot. 15-20.) As discussed in the foregoing sections, the Court finds that AT&T is entitled to summary judgment on Terpin's negligence-based, FCA, and contract causes of action, so the Court need not reach this alternative basis for granting the Motion on those claims.
E. Declaratory Relief-Mootness
Finally, AT&T moves for summary judgment on Terpin's declaratory relief cause of action, in which Terpin alleges that the WCA is unconscionable, void against public policy, and unenforceable. (Mot. 20-21; SAC ¶¶ 111-32.)
Declaratory relief is not appropriate unless “there is a substantial controversy, between parties having adverse legal interests, of sufficient immediacy and reality to warrant the issuance of declaratory judgment.” Boeing Co v. Cascade Corp., 207 F.3d 1177, 1192 (9th Cir. 2000). When the circumstances “that prevailed at the beginning of litigation” have changed in a way to “forestall[] any occasion for meaningful relief,” a declaratory relief claim is moot. S. Cal. Painters & Allied Trades, Dist. Council No. 36 v. Rodin & Co., 558 F.3d 1028, 1035 (9th Cir. 2009) (quoting Gator.com Corp. v. L.L. Bean, Inc., 398 F.3d 1125, 1129 (9th Cir. 2005) (en banc)).
In the sections above, the Court finds that AT&T is entitled to judgment as a matter of law on Terpin's causes of action for negligence, unauthorized disclosure, and breach of contract. Accordingly, there is no longer a substantial controversy nor any occasion for Terpin to obtain meaningful relief. Therefore, AT&T has established that Terpin's cause of action for declaratory relief is moot. See id. Further, as noted, Terpin does not develop or put forward an argument for unconscionability, voidness, or unenforceability; additionally, he does not respond to AT&T's Motion on the claim for declaratory relief. (See generally Opp'n); see United States v. Graf, 610 F.3d 1148, 1166 (9th Cir. 2010) (“Arguments made in passing and not supported by citations to the record or to case authority are generally deemed waived.”); see, e.g., Jenkins v. County of Riverside, 398 F.3d 1093, 1095 n.4 (9th Cir. 2005) (finding plaintiff abandoned claims by not raising them in opposition to summary judgment motion).
As AT&T establishes the claim for declaratory relief is moot, and as Terpin does not respond to AT&T's Motion on this claim, the Court concludes that AT&T is entitled to judgment as a matter of law on the declaratory relief cause of action.
VI. CONCLUSION
For the reasons discussed above, the Court GRANTS AT&T's Motion for Summary Judgment. (ECF Nos. 167, 168.) In light of this disposition, the Court DENIES AS MOOT AT&T's ex parte application to conduct depositions. (ECF No. 239.) Within three court days, AT&T shall lodge with the Court a Proposed Judgment consistent with this Order.
IT IS SO ORDERED.