Earlier this week, we reported on Gutierrez v. Converse Inc., a putative class action under the California Invasion of Privacy Act (“CIPA”) arising out of Converse’s use of online chat features on its website. After the Central District of California granted summary judgment in Converse’s favor, Plaintiff Gutierrez appealed to the Ninth Circuit, leading to oral arguments during which the Court of Appeals panel questioned whether CIPA applies to internet communications.
The decision is here: Justices Bybee, Ikuta and Forrest of the Ninth Circuit Court of Appeals have affirmed summary judgment for Converse on evidentiary grounds, dismissing Plaintiff Gutierrez’s claims that Converse aided and abetted violations of CIPA Section 631(a) by Salesforce, a third party that helped operate Converse’s website chat function.
But does CIPA ‘s wiretapping clause apply to internet communication? Justice Bybee says no.
Background
Section 631(a) broadly prohibits the interception of wire communications and disclosure of the contents of such intercepted communications. The first clause of Section 631(a) prohibits intentionally tapping or making any unauthorized connection “with any telegraph or telephone wire, line, cable, or instrument[.]” Cal. Penal Code § 631(a). The second clause of Section 631(a) prohibits willfully reading or attempting to read or learn the contents of a message without the consent of the parties to the communication “while [such message] is in transit or passing over any wire, line, or cable, or is being sent from, or received at any place within this state[.]” Id. The fourth clause of Section 631(a) prohibits aiding and abetting any such acts. Id.
In this case, Converse’s website contains a chat feature that connects website users with live customer service agents. When a customer initiates a chat, messages sent through the chat feature are transmitted from the user’s device to a cloud bases server licensed from Salesforce. These messages are encrypted while in transit. The chat data, including chat transcripts, is stored on Salesforce’s servers and is accessible only through a password-protected customer dashboard.
District Court Decision
Previously, the district court granted summary judgment in Converse’s favor, finding that the Plaintiff presented no evidence that Converse’s website involves telephone communications. Rather, it was undisputed that the chat feature involved internet communications and Plaintiff used her smart phone’s internet capabilities to use the chat feature. The court held that the first clause of Section 631(a) was, therefore, inapplicable. Additionally, the district court held that Plaintiff presented no evidence that Salesforce intercepts messages sent through Converse’s chat feature “while . . . in transit” or reads or attempts to read the contents of such messages. See Nora Gutierrez v. Converse Inc. et al, No. CV 23-6547-KK-MARX, 2024 WL 3511648 (C.D. Cal. July 12, 2024).
Ninth Circuit Court of Appeals Affirms
The Ninth Circuit Court of Appeals reviewed de novo, holding that Plaintiff’s first clause claim fails because no evidence exists that Salesforce “made an unauthorized connection through a telephone wire, line, cable, or instrument with the messages sent by Gutierrez.” Additionally, the second clause claim fails because there was no evidence that Salesforce read or attempted to read her chat message. At best, the evidence showed that Salesforce could read messages sent through the Converse chat feature. Therefore, the fourth clause claim also fails because Plaintiff could not establish an underlying violation of section 631(a)’s first or second clauses. See Nora Gutierrez v. Converse Inc. et al, No. 24-4797, 2025 WL 1895315 (9th Cir. July 9, 2025).
Justice Bybee’s Concurrence
Justice Bybee agreed with the decision to affirm summary judgment on evidentiary grounds. But more interestingly, he stated that “the first clause claim should be affirmed for a different and more obvious reason: . . . § 631(a)’s first clause does not apply to internet communications.”
“§ 631(a)’s first clause does not apply to internet communications.”
Justice Bybee stressed that 631(a)’s first clause penalizes the use of any instrument to wiretap or make any unauthorized connection with any telegraph or telephone wire, line, cable, or instrument, questioning whether this phrase contemplates an online chat message sent on a smartphone. According to him, “Today’s smartphones do not send messages over a ‘telephone wire’ as that phrase was understood in 1967 when the California legislature passed CIPA. . . smartphones are mini-computers capable of accessing the internet, something the California legislature had never heard of (or could have imagined) in 1967.”
Justice Bybee also rebutted the notion that CIPA must be interpreted to apply to evolving technologies, stating that, “Because the text is unambiguous, and does not apply to the internet, we need not consider additional tools of statutory interpretation, including the California Supreme Court’s willingness, in the face of ambiguity, to ‘apply a legal text to technologies that did not exist when the text was created.’” (quoting Apple v. Super. Ct., 292 P.3d 883, 887 (Cal. 2013)). Instead, he stated, if the California legislature wanted to apply Section 631(a) to the internet, it could do so by amending the provision or supplementing CIPA’s statutory scheme as it did in 1992 and 2017, criminalizing the interception and recording of a communication between two cordless telephones, and the disclosure or distribution of confidential communication with a health care provider on the internet respectively.
Notably, Justice Bybee held that consumers are not without recourse, as the California Consumer Privacy Act (“CCPA”) creates a private cause of action for unauthorized access or disclosure of nonencrypted and nonredacted personal information. See Cal. Civ. Code § 1798.150. In Justice Bybee’s view, “631(a)’s text, legislative history, subsequent augmentation, and relative ambiguity compared to the CCPA (which explicitly provides recourse for internet privacy violations like this one) compel the conclusion that § 631(a)’s first clause does not apply to the internet.”
Justice Bybee theorized why plaintiffs may prefer filing under CIPA when the CCPA offers a remedy: “It may be about the money—CIPA allows plaintiffs to recover $5,000 per violation compared to just $750 per violation under the CCPA . . . In a class action like this one, the difference in total recovery (and attorneys’ fees) could be millions of dollars.” (Bingo!)
“It may be about the money—CIPA allows plaintiffs to recover $5,000 per violation compared to just $750 per violation under the CCPA . . . In a class action like this one, the difference in total recovery (and attorneys’ fees) could be millions of dollars.”
Avid CIPAWorld readers will notice that Justice’s Bybee’s opinion aligns squarely with the legislative intent behind Senate Bill 690, which seeks to exempt the use of website tracking technologies, such as pixels, cookies, and session replays, from CIPA, if these technologies are deployed for a “commercial business purpose.” More on that here.
Lastly, and perhaps most importantly, Justice Bybee addressed the Ninth Circuit decision in Javier v. Assurance IQ, LLC, No. 21-16351 (9th Cir. May 31, 2022), in which the court had massively expanded the scope of CIPA to cover virtually every website interaction. As observed by Justice Bybee, “Javier has led to a raft of § 631(a) litigation,” and is often cited in support of the proposition that Section 631(a) applies to internet communications. But according to Justice Bybee, this is misleading, because Javier only considered Section 631(a)’s second clause, which prohibits nonconsensual reading of a communication in transit over a wire. Additionally, Javier as an unpublished disposition is not precedential. Unpublished opinions generally do not have precedential value and are not binding on courts, though some courts may allow them to be cited as persuasive authority. See Ninth Circuit Rule 36-3.
This brings us to a caveat: The Court of Appeals decision in Converse is also unpublished and does not have precedential value. Neverthelss, Converse offers a valuable data point for businesses, and signals that California courts, like the California legislature, are moving towards a more restrictive application of CIPA when more appropriate remedies exist under laws explicitly aimed at privacy and data protection on the internet.
You can read the Court of Appeals Memorandum here.