Court Says Man Can Sue Maker Of Web-Monitoring Software For Wiretap Act Violations

from the webwatching-your-way-to-an-easier-divorce! dept

The Sixth Circuit Court of Appeals has decided a man whose communications were snagged by commercial spyware can sue the software's maker for violating federal wiretap law.

The plaintiff, Javier Luis, became involved in an online relationship with an unhappily married woman. Her husband, Joseph Zang, installed Awareness Technologies' "WebWatcher" on his wife's computer in order to keep tabs on her online communications. After discovering his communications had been intercepted, Luis sued the software's maker (along with the husband, who has already settled with Luis and is no longer listed as a defendant).

The Appeals Court doesn't form an opinion on the strength of Luis's claims -- only noting that they're strong enough to survive dismissal. Awareness Software will be able to more fully address the allegations in the lower court on remand, but for now, the Appeals Court finds [PDF] the software's "contemporaneous interception" of electronic communications to be a potential violation of the Wiretap Act.

Two allegations in the complaint support this inference. First, Luis alleges that the communications at issue “were not originally stored on the computer’s hard drive.” The communications were instead acquired by Awareness “as [they were] being written and communicated between senders and recipients.” This allegation directly supports the proposition that the communications were still “in flight” for the purposes of 18 U.S.C. § 2511.


Second, Luis alleges that “WebWatcher immediately and instantaneously rout[e]s the intercepted communications to their [i.e., Awareness’s] servers located in California.” (Emphasis in original.) This allegation directly supports an inference of contemporaneous interception because, if WebWatcher does in fact “immediately and instantaneously” copy and send communications “as [they are] being written,” then the acquisition of the communications likely occurs before the communications have come to rest in electronic storage.

Somewhat illogically, Awareness suggested that the supporting evidence provided by Luis could have referred to a different product (not made by Awareness) that has an identical name.

Awareness is of course correct that some possibility exists that the marketing materials might refer to another device carrying the trademark “WebWatcher” that is unaffiliated with Awareness’s own WebWatcher. This argument, however, is far-fetched at best, and the more “plausible inference,” see id. at 682, is that the materials do in fact apply to Awareness’s WebWatcher that Joseph allegedly used.

Slightly more logically, it suggested that it cannot be held liable under the Wiretap Act because it's the end user that actually violates the Act when they install the software and put it to use. This is what the lower court found in its decision, based on a Report and Recommendation (R & R) put together by a magistrate judge.

With respect to the claimed violation of 18 U.S.C. § 2511, the R&R concluded that Awareness itself did not “intercept” Luis’s communications because it was Joseph [Zang]—not Awareness—that installed the WebWatcher program on the computer used by Catherine. And with respect to the claimed violation of 18 U.S.C. § 2512, the R&R concluded that Awareness could not be held liable simply for manufacturing a product that others—such as Joseph—used to violate the Wiretap Act.

Awareness also argued that WebWatcher's interception of communications wasn't "contemporaneous" and therefore isn't a violation of the Wiretap Act. Instead, it claimed it grabbed communications in "near real-time" and stored a copy on its servers for access by users. The Appeals Court notes that Awareness's own promotional efforts seem to tell a different story.

The marketing materials attached to Luis’s complaint support this conclusion. As Luis notes, the materials state that WebWatcher lets its users review a person’s electronic communications “in near real-time, even while the person is still using the computer.” The materials further note that any deviation from real-time monitoring results not from delays regarding when the communications are acquired, but from variations in “the Internet connection speed of the computer being monitored.”

This near real-time monitoring is significant. If a WebWatcher user can in fact review another person’s communications in near real time, then WebWatcher must be acquiring the communications and transferring them to Awareness’s servers as soon as the communications are sent. The program, in other words, does not wait for the communications to be stored; instead, the program as described captures and reroutes the communications so that a WebWatcher user can review the communications at nearly the same time as they are being transmitted.

In addition, the marketing materials state that “[e]ven if a document is never even saved, WebWatcher still records it.” This feature indicates that WebWatcher does not wait for electronic communications to be saved in a computer’s electronic storage. Rather, the product records the communications as they are being sent, without regard for whether a copy is ever placed in the storage of the affected computer. This aspect of WebWacher’s operations thus implies that the alleged acquisition of Luis’s communications indeed occurred while the communications were still “in flight.”

The court also notes that Awareness's own marketing materials suggest there are few wholly-legal uses for its WebWatcher software. Given its function, most end user deployment is almost certain to violate federal or state wiretap laws. (This explains the following disclaimer on the WebWatcher site: "Awareness Technologies Terms of Use and End User Licensing Agreement require that you only install its software on computers that you own or have permission to monitor and that you inform all users of those computers that they are being monitored.") Because of this, the court finds that Awareness cannot dodge civil liability simply because it performs no interception of communications until a purchaser installs and deploys its software.

[W]e today hold that a defendant such as Awareness—which allegedly violates § 2512(1)(b) by manufacturing, marketing, and selling a violative device—is subject to a private suit under § 2520 only when that defendant also plays an active role in the use of the relevant device to intercept, disclose, or intentionally use a plaintiff’s electronic communications.

So even though Awareness itself did not initiate the specific action that “intercepted, disclosed, or intentionally used” Luis’s communications in violation of the Wiretap Act, it is alleged to have actively manufactured, marketed, sold, and operated the device that was used to do so. This is enough to establish that Awareness was “engaged in” a violation of the Wiretap Act in a way that defendants such as those in Treworgy and Amato—who simply possessed wiretapping devices—were not.

The dissenting opinion, however, points out that allowing the plaintiff to pursue Awareness under the Wiretap Act not only shifts some responsibility off the shoulders of the person who initiated the interception (the aggrieved husband) but also more than "liberally construes" the content of Javier Luis's pro se filing.

The majority accepts Luis’s argument on appeal that the complaint directly implicates Awareness in paragraph 77. But this reading is much more than just charitable—it grasps at straws. In describing how WebWatcher operates, Paragraph 77 uses only a possessive pronoun that lacks any antecedent: “WebWatcher immediately and instantaneously routs the intercepted communications to their servers located in California to be stored for their subscribers to later retrieve at their leisure.” Awareness is neither named nor the subject of the action. This paragraph, located amidst Luis’s allegations against the other defendants, does not give rise to the plausible inference that Awareness intentionally intercepted Luis’s communications.


It does not put Awareness on notice that it—the manufacturer and seller— could be liable for anonymous customer Joseph Zang’s misuse of the WebWatcher. Luis’s novel theory of liability does not appear even to have been tried, much less to have been successful, in any previous case. Neither Awareness nor the district court should have been expected to divine it from Luis’s allegations against the other defendants. I would affirm the district court’s dismissal of Luis’s § 2511 claim against Awareness. I would affirm the dismissal of Luis’s state-law claims for the same reason.

That's the downside of this reversal by the Appeals Court: manufacturers and developers will now face an increased risk of civil litigation if their products could possibly be used to violate laws. This negative side effect is diminished somewhat by Awareness's participation in the interception -- the storage of communications on its servers -- but it's still the sort of thing that could encourage speculative litigation aimed at the target with the deepest pockets, rather than the entity that actually broke the law.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  • identicon
    bob, 19 Aug 2016 @ 11:08am

    follow the money.

    This would set a terrible precedent if his suit was upheld. The company is only included in the lawsuit because it has money and I bet Joseph (the husband) doesn't.

    This is the result of badly written laws and an apparently bad marriage.

    reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 19 Aug 2016 @ 11:34am

    This is one of these cases where EFF is needed. And where even if you disagree with the defendants actions they must win to preserve the health of innovative companies and ideas. Sure this company wouldn't be a huge loss but if people start suing open source, free software for something their users did we'll quickly start seeing the disappearance of some developing branches.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 19 Aug 2016 @ 11:40am


      Indeed, this is a huge problem for tool makers of any kind hard or soft.

      The idea that any tool maker be it Smith & Wesson, Craftsman, Lego, Microsoft, Caterpillar, or General Mills because someone used their product in the process of breaking the law is a product of serious cognitive malfunction.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 19 Aug 2016 @ 11:42am

        Re: Re:

        Apparently I just had one myself. Let me rephrase that.

        The idea that any tool maker can be held responsible be it Smith & Wesson, Craftsman, Lego, Microsoft, Caterpillar, or General Mills because someone used their product in the process of breaking the law is a product of serious cognitive malfunction.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Aug 2016 @ 11:36am

    Shinks to high heavens...

    This bullshit reeks, I hope this fucker loses.

    reply to this | link to this | view in chronology ]

  • icon
    PlagueSD (profile), 19 Aug 2016 @ 11:41am

    Breaking News!!

    Man sues Smith & Wesson for death of son by shooting. Details at 11.

    reply to this | link to this | view in chronology ]

  • icon
    afn29129 (profile), 19 Aug 2016 @ 3:31pm

    Common items like.......

    It would make no sense to hold mfgrs of ...
    Microcassette records with voice activation.
    Wireless microphones.
    Pinhole cameras.
    Security cameras....
    That it was done on a computer makes no difference.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Aug 2016 @ 9:56pm


    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Aug 2016 @ 10:04pm


    Unlike the examples of products that are self contained - such as guns, cameras, microphones, etc. this particular product stored data at the company's website.

    If the product stored data on a computer that was controlled by Mr. Zang, then there certainly would be no case, but they stored it and made it available on Awareness' computers.

    In the other product examples, there is only one person who uses those technologies and therefore can access what they provide. In this case, both Mr. Zang and Awareness have access to the communications. That is why the court allowed it.

    That isn't to say it is guaranteed to be found guilty, but it is enough to make them have to argue why their possession of someone else's communications is not a violation of the Wiretap Act.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Aug 2016 @ 5:57pm

    Shoulda used Linux.

    reply to this | link to this | view in chronology ]

  • icon
    Tanner Andrews (profile), 22 Aug 2016 @ 1:51am

    Collaborative Effort

    The vendor did more than furnish a tool. It was an active participant. It is as though Smith and Wesson were handing bullets to a guy operating a single-shot rifle so that he could more quickly fire at his victims.

    Here, the ``tool'' worked only with the active participation of the defendant Awareness. Awareness knowingly and intentionally, as part of its product, collected intercepted data. At least that appears to be the allegation of the complaint; it remains to be proved.

    reply to this | link to this | view in chronology ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.