Spyware Company Can Be Sued Under Wiretap ActNovember 18, 2016 - 12 minutes read
The market for private surveillance tools is booming, and as reported recently, many of these tools are sold to governments and foreign intelligence officials with little regulation and oversight. These tools allow users to intercept voice calls, text messages, and emails. Repressive governments even use them to target journalists and political dissidents. While the market for these devices is booming, their prevalence is not a new phenomenon, and their impact may hit closer to home than most people realize. For years, manufacturers of private surveillance tools like spyware, screen capture technologies, and keyloggers have deliberately marketed these products to suspicious spouses and partners in deteriorating relationships. But a recent decision by the U.S. Court of Appeals for the Sixth Circuit in Cincinnati should cause jealous spouses, their attorneys, and even the spyware manufacturers themselves to pause. In that case, an Ohio man’s decision to deploy commercial spyware on his spouse’s computer cost him dearly, and it even exposed him, his attorneys, and the spyware manufacturer to potential liability for violating the federal Wiretap Act.
In Luis v. Zang, No. 14-3601 (6th Cir. Aug. 16, 2016), a jealous husband (Mr. Zang) installed audio and video surveillance equipment at home to spy on his wife. He also installed a commercial spyware program known as WebWatcher on her computer to monitor her correspondence and determine if she was having an affair. Mr. Zang discovered that his wife was having daily correspondence with another man in Florida, Javier Luis, and used the evidence as leverage in divorce and custody proceedings.
While Mr. Zang’s actions confirmed his suspicions and resulted in favorable outcomes in the divorce proceedings, it spawned other litigation that did not turn out so favorably for Mr. Zang and his family-law attorneys (one of whom was his brother-in-law who may have advised him to install the spyware). When Mrs. Zang learned that her privacy had been violated and that her husband and his attorneys had intercepted her correspondence with Mr. Luis and others, she filed suit for invasion of privacy and other causes of action. That case appears to have finally settled in 2015 after almost four years of protracted litigation.
Separately, in a separate lawsuit that spawned the appellate decision mentioned above, Mr. Luis sued the same defendants with similar claims, but he also sued the manufacturer of the WebWatcher program, Awareness Technologies, for an invasion of privacy and violations of federal and state wiretap laws. The spyware manufacturer successfully moved to dismiss the action for failure to state a claim (essentially a “so what?” defense in federal court whereby the defendant asks the court to dismiss the claim because the facts alleged do not show a legal violation). The plaintiff appealed the trial court’s decision to the Sixth Circuit Court of Appeals, which reversed and found that the plaintiff had, in fact, adequately pleaded a violation of the Federal Wiretap Act.
The Federal Wiretap Act Prohibits Illegal Interception and Disclosure of Communications, In Addition To The Manufacturing and Advertisement of Intercepting Devices
The federal wiretap act provides a private right of action to persons who are the victims of an intentional interception of electronic communications. See 18 U.S.C. § 2520. The statute provides for statutory damages against a party who has “engaged in” a violation of a Wiretap Act. Among other things, the Wiretap Act prohibits (i) the interception and disclosure of wire, oral, or electronic communications (18 U.S.C. § 2511) and (ii) the manufacture, distribution, possession, and advertising of wire, oral, or electronic communication intercepting devices(18 U.S.C. § 2512).
In Mr. Luis’s case, his complaint alleged that Awareness Technologies had violated both of these provisions, §§ 2511 and 2512.
Plaintiff Adequately Alleged Violations of the Federal Wiretap Act By The Spyware Manufacturer
On appeal, Awareness Technologies tried to argue that the software did not “intercept” electronic communications because it only offered the ability to record activities occurring on the computer and then to review those records at a later time. The Sixth Circuit rejected that argument. While the court noted that the Wiretap Act does not explicitly require that the acquisition of a communication occur contemporaneously with the transmission of the communication, the term “intercept” only applies to “electronic communications” and not “electronic storage” as those terms are specifically defined under the Electronic Communications Privacy Act (ECPA) of 1986. Under the court’s review of the ECPA, it found that for purposes of the Wiretap Act (i.e., ECPA Title I), if a communication is acquired contemporaneously with its transmission, then an “intercept” has occurred. See id. at *10 (citing, among others, Konop v. Hawaiian Airlines, Inc., 302 F.3d 868 (9th Cir. 2002)).
The court ultimately found that Mr. Luis had adequately pleaded a violation of section 2511 based on the facts alleged in the complaint, which included and referenced various marketing materials describing the key operational features of the WebWatcher software. One of the features advertised, among others, was that WebWatcher lets users review another person’s electronic communications “in real time.” Another key feature was that the communications, once intercepted, were routed to Awareness’s servers in California. The court found that plaintiff’s assertions that the defendant had intercepted his communications with an electronic device and had done so contemporaneously and in the same manner as advertised in the company’s marketing materials were sufficient to overcome the motion to dismiss with respect to the illegal-intercept claim.
The Court also found that the complaint stated a claim for violating the provision of the Wiretap Act (§ 2512) that prohibits the manufacture, assembly, and sale of an electronic device that is primarily useful for surreptitious interception of wire, oral or electronic communications. The court rejected Awareness’s argument that it could not be found liable because it “did not initiate the specific action that ‘intercepted, disclosed, or intentionally used’ [Mr.] Luis’s communications in violation of the Wiretap Act” because Plaintiff had adequately pled the alternative theory of liability under section 2512. Because Awareness was alleged “to have actively manufactured, marketed, sold, and operated the device that was used to [violate the Wiretap Act],” those allegations “[were] enough to establish that Awareness was ‘engaged in’ a violation.” Id. at *23. As the court explained, it was the manufacturer’s continued conduct, post-sale, that made it complicit in the intercept for purposes of § 2520:
A defendant who manufactures, markets, and sells a wiretapping device in violation of 18 U.S.C. § 2512 is potentially liable in a private suit brought under § 2520 when that defendant also plays an active role in the operation of the device to ‘intercept, disclose, or intentionally use; a plaintiff’s electronic communications. Put differently, the active operation of the device establishes that a defendant who has manufactured, marketed, and sold the device at issue (in violation of § 2512) has in fact participated in the intercept, disclosure, or use of a plaintiff’s communications to such a degree that the defendant has ‘engaged in’ the underlying violation.
Id. at *26-27. The court emphasized that Awareness knew that the WebWatcher software it manufactured and marketed would be primarily used to illegally intercept electronic communications, and it also remained actively involved in the software’s operation by maintaining the servers that stored intercepted communications.
Plaintiff Stated Claims for Violations of His Rights To Privacy Under Ohio Law Against the Spyware Manufacturer
As a matter of state law, the Sixth Circuit also held that Awareness could be found liable under the Ohio Wiretap Act and Ohio common law for intercepting Mr. Luis’s electronic communications and storing them on its servers to be later distributed. Most notably, the court found that the complaint adequately alleged that the company had intruded on Luis’s common-law right to privacy by accessing his private correspondences without permission. In the court’s view, both the plaintiff and Ms. Zang had a reasonable expectation of privacy in the exchange of their electronic communications, and the manufacturer could not escape the claims by arguing that a different party like Ms. Zang’s husband was more responsible for the intrusion on their privacy.
Ultimately, we live in a digital age where electronic communication is widespread and much of our personal information is stored digitally. As such, online activity is sometimes vulnerable to prying eyes and individual privacy is now more important than ever.
If you believe someone has used spyware to monitor your electronic communications or online activity, or if you are a family law attorney who suspects that your client may have been spied upon, we are available to provide answers to your legal questions and to assist you in your investigation of the underlying facts. We would welcome the chance to discuss your situation with you and assess any potential claims against the culpable parties. Contact us here.