Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

Brodsky v. Apple Inc.

United States District Court, N.D. California, San Jose Division

August 30, 2019

JAY BRODSKY, et al., Plaintiffs,
v.
APPLE INC., Defendant.

          ORDER GRANTING WITHOUT PREJUDICE APPLE'S MOTION TO DISMISS RE: DKT. NO. 32

          LUCY H. KOH, UNITED STATES DISTRICT JUDGE.

         Plaintiffs Jay Brodsky, Brian Tracey, Alex Bishop, and Brendan Schwartz (“Plaintiffs”) bring this putative class action against Defendant Apple Inc. (“Apple”) for alleged privacy and property violations based on Apple's two-factor authentication login tool. Before the Court is Apple's motion to dismiss Plaintiffs' first amended complaint (“FAC”). Having considered the submissions of the parties, the relevant law, and the record in this case, the Court GRANTS Apple's motion to dismiss without prejudice.

         I. BACKGROUND

         A. Factual Background

         Plaintiffs are individuals residing in the United States. ECF No. 13 (“FAC”), ¶ 7. Apple is a California corporation that designs and sells products including iPhones, iPads, Macbooks, Apple TVs, and Apple Watches. Id. ¶¶ 8, 14. Once a consumer buys an Apple product, the Apple product is associated with the consumer's Apple ID, which is the individual's email address. Id. An Apple ID is required to use Apple services, such as FaceTime and iMessage. Id. ¶ 15.

         Plaintiffs allege that Apple's provision of two-factor authentication (“2FA”) as an Apple ID login process violates Plaintiffs' right to privacy. Id. ¶ 1. 2FA is enabled in three instances: “(i) a software update occurs on one of the Apple devices; (ii) on creation of a new Apple ID; or (iii) owner of the Apple device turns on two-factor authentication in the Settings.” Id. ¶ 16.

         When enabled, 2FA requires a multi-step login process before a user can access Apple services. First, the user must enter his Apple ID password on the Apple device on which the user wishes to use Apple services. Id. Second, the user must enter his Apple ID password on a second trusted Apple device and wait to receive a six-digit verification code on the second Apple device. Id. Third, the user must enter the six-digit verification code on the first Apple device. Id. According to Plaintiffs, 2FA takes “2-5 or more minutes” than other login processes. Id.

         After 2FA is enabled, Apple will sometimes send an email to the user that explains that the user can disable 2FA: “If you didn't enable two-factor authentication and believe someone else has access to your account, you can return to your previous security settings. This link and your Apple ID security questions will expire on October 15, 2018.” Id. ¶ 18. Plaintiffs allege that the link allowing a user to disable 2FA expires within 14 days after 2FA's enablement. Id. The email also explains that 2FA “is an additional layer of security designed to ensure that you're the only person who can access your account, even if someone knows your password” and that 2FA “significantly improves the security of your Apple ID and helps protect the photos, documents, and other data you store with Apple.” Id.

         Plaintiff Brodsky alleges that in September 2015, a software update enabled 2FA for Plaintiff Brodsky's Apple Id. Id. ¶ 19.

         Plaintiff Tracey alleges that he was “forced to enable 2FA for a software update on his Apple devices.” Id. ¶ 20.

         Plaintiff Bishop alleges that “based on an unforeseen consequence outside of his control, ” he lost access to his second trusted Apple device, which he used for 2FA. Id. ¶ 21. Plaintiff Bishop could not access Apple services using Apple ID “for days.” Id.

         Plaintiff Schwartz alleges that he lost his second trusted Apple device “based on events outside of his control.” Id. ¶ 22. Then, Apple placed Plaintiff Schwartz in its account recovery process and Plaintiff Schwartz could not use his Apple ID “for months.” Id.

         B. Procedural History

         On February 8, 2019, Plaintiff Brodsky filed this lawsuit against Apple. ECF No. 1. On March 29, 2019, Plaintiffs filed the FAC, with Tracey, Bishop, and Schwartz added as named Plaintiffs. ECF No. 13. The FAC alleges five causes of action: (1) trespass to chattels, id. ¶¶ 47- 52; (2) violation of the California Invasion of Privacy Act (“CIPA”), California Penal Code § 631, id. ¶¶ 53-56; (3) violation of the California Computer Crime Law (“CCCL”), California Penal Code § 502, id. ¶¶ 57-69; (4) violation of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, id. ¶¶ 70-78; and (5) unjust enrichment, id. ¶¶ 79-81.

         Plaintiffs bring suit on behalf of the following putative class:

All persons or entities in the United States who own or owned an Apple Watch, iPhone, iPad, MacBook, or iMac or use Apple Services that have enabled two-factor authentication (“2FA”), subsequently want to disable 2FA, and are not allowed to disable 2FA.

Id. ¶ 29. The class period began “when Apple introduced 2FA in 2015.” Id. ¶ 28.

         On May 1, 2019, Apple filed the instant motion to dismiss Plaintiffs' FAC. ECF No. 32 (“Mot.”). On May 15, 2019, Plaintiffs filed an opposition. ECF No. 34 (“Opp.”). On May 22, 2019, Apple filed a reply in support of its motion to dismiss. ECF No. 37 (“Reply”).

         On May 15, 2019, the parties filed a joint case management statement. ECF No. 35. In the joint case management statement, Apple asked the Court to stay discovery until after the Court determines whether Plaintiffs can state a claim. Id. at 6. On May 16, 2019, the Court continued the May 22, 2019 case management conference to September 25, 2019 and stayed discovery “until the Court orders otherwise.” ECF No. 36.

         II. LEGAL STANDARD

         A. Motion to Dismiss Under Federal Rule of Civil Procedure 12(b)(6)

         Rule 8(a)(2) of the Federal Rules of Civil Procedure requires a complaint to include “a short and plain statement of the claim showing that the pleader is entitled to relief.” A complaint that fails to meet this standard may be dismissed pursuant to Federal Rule of Civil Procedure 12(b)(6). The United States Supreme Court has held that Rule 8(a) requires a plaintiff to plead “enough facts to state a claim to relief that is plausible on its face.” Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 570 (2007). “A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). “The plausibility standard is not akin to a probability requirement, but it asks for more than a sheer possibility that a defendant has acted unlawfully.” Id. (internal quotation marks omitted). For purposes of ruling on a Rule 12(b)(6) motion, the Court “accept[s] factual allegations in the complaint as true and construe[s] the pleadings in the light most favorable to the nonmoving party.” Manzarek v. St. Paul Fire & Marine Ins. Co., 519 F.3d 1025, 1031 (9th Cir. 2008).

         The Court, however, need not accept as true allegations contradicted by judicially noticeable facts, see Schwarz v. United States, 234 F.3d 428, 435 (9th Cir. 2000), and it “may look beyond the plaintiff's complaint to matters of public record” without converting the Rule 12(b)(6) motion into a motion for summary judgment, Shaw v. Hahn, 56 F.3d 1128, 1129 n.1 (9th Cir. 1995). Nor must the Court “assume the truth of legal conclusions merely because they are cast in the form of factual allegations.” Fayer v. Vaughn, 649 F.3d 1061, 1064 (9th Cir. 2011) (per curiam) (internal quotation marks omitted). Mere “conclusory allegations of law and unwarranted inferences are insufficient to defeat a motion to dismiss.” Adams v. Johnson, 355 F.3d 1179, 1183 (9th Cir. 2004).

         B. Leave to Amend

         If the Court determines that a complaint should be dismissed, it must then decide whether to grant leave to amend. Rule 15(a) of the Federal Rules of Civil Procedure states that leave to amend “shall be freely given when justice so requires, ” bearing in mind “the underlying purpose of Rule 15 to facilitate decisions on the merits, rather than on the pleadings or technicalities.” Lopez v. Smith, 203 F.3d 1122, 1127 (9th Cir. 2000) (en banc) (alterations and internal quotation marks omitted). When dismissing a complaint for failure to state a claim, “a district court should grant leave to amend even if no request to amend the pleading was made, unless it determines that the pleading could not possibly be cured by the allegation of other facts.” Id. at 1130. Thus, leave to amend generally shall be denied only if allowing amendment would unduly prejudice the opposing party, cause undue delay, or be futile, or if the moving party has acted in bad faith. Leadsinger, Inc. v. BMG Music Publ'g, 512 F.3d 522, 532 (9th Cir. 2008).

         III. DISCUSSION

         Apple moves to dismiss each of Plaintiffs' claims for failure to state a claim. Apple also contends that certain claims are barred by the statute of limitations or must be dismissed because Plaintiffs fail to allege their states of residence. The Court first addresses the sufficiency of each of Plaintiffs' individual claims. Then, the Court addresses Apple's other arguments that the FAC is deficient.

         A. Claim for Trespass to Chattels

         Plaintiffs allege that Apple committed trespass to chattels because Apple “interfered with Plaintiffs and Class Members' possessory interest of their one or more Apple devices by requiring an extraneous login process through two-factor authentication that is imposed on ...


Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.