Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

Krise v. Sei/Aaron's, Inc.

United States District Court, N.D. Georgia, Atlanta Division

August 18, 2017

KAREN KRISE, et al., Plaintiffs,
v.
SEI/AARON'S, INC. a franchisee of Aaron's, Inc. doing business as Aaron's Sales and Leasing,, Defendants.

          OPINION AND ORDER

          THOMAS W. THRASH, JR. United States District Judge

         The Plaintiffs Karen Krise, Corie Cason, Chauncey Robertson, Sr., and Jamie Robertson allege that the Defendant SEI/Aaron's, Inc. - a franchisee of Aaron's, Inc. - unlawfully accessed their computers from a remote location and collected private information stored therein. It is before the Court on the Defendant's Motion for Summary Judgment [Doc. 97], Motion to Exclude the Testimony of Micah Sherr [Doc. 104], and Motion to Exclude the Testimony of Michael Maschke [Doc. 111]. For the reasons set forth below the Defendant's Motion to Exclude the Testimony of Micah Sherr [Doc. 104] is GRANTED in part and DENIED in part; the Defendant's Motion to Exclude the Testimony of Michael Maschke [Doc. 111] is DENIED; and the Defendant's Motion for Summary Judgment [Doc. 97] is GRANTED.

         I. Background

         The Defendant SEI/Aaron's, Inc. (“SEI”) - a Georgia corporation with its headquarters in Atlanta, Georgia - is in the rent-to-own business.[1] Between 2010 and 2011, it operated approximately seventy franchise stores, which were located in Connecticut, Kentucky, Maine, Massachusetts, New Hampshire, New York, Rhode Island, and Vermont.[2] From October 5, 2010 to December 27, 2011, the Defendant installed a software program - PC Rental Agent (“PCRA”) - on all computers it leased to its customers.[3] PCRA, which was owned by a company named DesignerWare, enabled the Defendant to “render a computer inoperable” by simply logging onto the DesignerWare website and placing a computer on “lockdown” mode.[4] Once the computer was locked, a customer could not use it and had to contact an SEI store to have the computer unlocked.[5] On August 8, 2011, DesignerWare added a geolocation feature to PCRA.[6] This feature “directed the PCRA software installed on a computer to include the Wi-fi signals the computer picked up in its periodic reports.”[7] Finally, DesignerWare offered the “Detective Mode” feature on computers with PCRA installed.[8] Detective Mode could be remotely installed and activated, and once activated, it could capture keystrokes in addition to the content of the computer screen and clipboard.[9] Any data captured by Detective Mode would automatically be sent every two minutes to a designated email address.[10]

         The Defendant states that it maintained a policy of informing customers during the lease closing that PCRA was installed on their computers, and that the software enabled SEI to track, monitor, and lock down the leased computers.[11] Moreover, according to the Defendant, each customer signed an Addendum to the lease agreement acknowledging that he or she was aware of the software's capabilities.[12]The Defendant also contends that it retained ownership of each computer until a customer exercised one of two purchase options.[13] In adherence to SEI policy, the Defendant asserts that the general manager of each SEI store had the credentials to log onto the DesignerWare website and lock down a computer.[14] For Detective Mode, only the district managers and SEI's Director of Operational Support, Tennyson Cox, had the log in credentials to install and activate the feature.[15] The Defendant stopped using Detective Mode on May 6, 2011.[16] On or about January 23, 2012, the Defendant removed PCRA from all leased computers connected to the internet.[17]

         The Plaintiffs Chauncey Robertson, Sr. and Jamie Robertson leased their laptop on October 7, 2010 from an SEI store in Meriden, Connecticut.[18] According to the Defendant, Ms. Robertson executed the lease documents, including the Addendum.[19]The Plaintiffs deny that Ms. Robertson signed the Addendum.[20] On November 9, 2010, SEI activated Detective Mode on the Robertsons' computer.[21] Detective Mode was deactivated on November 10, 2010.[22] The Defendant characterizes the activation as an error. It states that a different customer reported his computer as stolen, and SEI was attempting to locate that computer by activating Detective Mode.[23] The Defendant contends that the mix up occurred because the computers were the same brand with a similar or identical model number.[24] The Plaintiffs counter that the activation was not in error.[25] Beyond the Detective Mode activation, the Robertsons contend that their computer was slow and eventually returned the computer on June 27, 2011.[26]

         The Plaintiff Corie Cason leased her computer on March 4, 2011, from an SEI store in Buffalo, New York.[27] The Defendant asserts that Cason executed both the computer lease agreement and the Addendum, but it does not possess either document.[28] The Plaintiffs deny that Cason signed the Addendum.[29] Similar to the Robertsons, Cason contends that her leased computer was “sluggish.”[30] Based on the computer's allegedly slow speed, Cason brought it in for service in 2012 and 2014.[31]She eventually returned the computer to SEI in March of 2014.[32] The Defendant contends that, in 2011, only three months after she leased the computer, Cason learned about PCRA through a news article and the Plaintiffs' counsel's website.[33] Yet, she chose to keep the computer until 2014.[34] Cason testified that she learned about PCRA through a news article and website, but could not recall what date she learned about PCRA.[35]

         The Plaintiff Karen Krise leased her computer on August 24, 2011, from an SEI store in Massena, New York.[36] The Defendant asserts that Krise signed the PCRA Addendum on the same day she leased her computer.[37] The Plaintiffs, however, dispute this account. Krise denies that she signed the Addendum at the time of the lease.[38] Soon after leasing the computer, Krise began to make late and/or partial lease payments.[39] Because of the late payments, on October 14, 2011, SEI placed Krise's computer in lockdown mode.[40] That same day, Krise made her lease payment and was given a code to unlock the computer.[41] Krise alleges that, on October 13, 2011, using the leased computer, she set up an E-bay auction that was scheduled for the next day.[42]She claims that once she unlocked her computer, all of her data had been deleted and the computer had been restored to factory settings.[43] Because her computer data was deleted and she was unable to use her computer while on lockdown, Krise alleges that she lost potential E-bay bids.[44] Then, on October 15, 2011, Krise went on Herman Gerel's website, “webcamlawsuits.com.”[45] There, she learned about PCRA and the litigation surrounding use of the software.[46] Despite the potential presence of the software, Krise kept the computer until December 19, 2011.[47] Krise, however, contends that between October and December she rarely used the computer and would cover the webcam with tape.[48]

         On April 23, 2014, the Plaintiffs filed a class action complaint against SEI. They seek to represent a class of “(a) all persons who have purchased, leased, and/or rented (“Lease-Purchase” or “Lease-Purchased”) from SEI personal computers on which PC Rental Agent had been installed without such persons' consent, and (b) all members of each such person's household.”[49] The Plaintiffs allege that SEI did not disclose to its customers that it installs PCRA on its leased computers or that it used Detective Mode to obtain data from the computers.[50] Furthermore, they allege that PCRA harmed the leased computers by, among other things, making them slow.[51]They allege five counts, including invasion of privacy; computer trespass, O.C.G.A. § 16-9-93(b); computer invasion of privacy, O.C.G.A. § 16-9-93(c); and violation of the Electronic Communications Privacy Act (“ECPA”), 18 U.S.C. § 2511.[52] The Defendant now moves for summary judgment on each of the Plaintiffs' claims.[53]

         II. Legal Standards

         A. Daubert Motion

         Federal Rule of Evidence 702 governs the admission of expert opinion testimony. Pursuant to that rule, before admitting expert testimony a court must consider: (1) whether the expert is competent to testify regarding the matters he intends to address; (2) whether the methodology used to reach his conclusions is sufficiently reliable; and (3) whether the testimony is relevant, in that it assists the jury to understand the evidence or determine a fact in issue.[54] In ruling on the admissibility of expert testimony, “[t]he focus must be ‘solely' on the expert's ‘principles and methodology, not on the conclusions that they generate.'”[55] If the expert predicates his testimony on an assumption that is belied by the evidence, the expert's testimony is properly excluded.[56] The party offering the expert's testimony has the burden to prove it is admissible by a preponderance of the evidence.[57]

         B. Motion for Summary Judgment

         Summary judgment is appropriate only when the pleadings, depositions, and affidavits submitted by the parties show no genuine issue of material fact exists and that the movant is entitled to judgment as a matter of law.[58] The court should view the evidence and any inferences that may be drawn in the light most favorable to the nonmovant.[59] The party seeking summary judgment must first identify grounds to show the absence of a genuine issue of material fact.[60] The burden then shifts to the nonmovant, who must go beyond the pleadings and present affirmative evidence to show that a genuine issue of material fact does exist.[61] “A mere ‘scintilla' of evidence supporting the opposing party's position will not suffice; there must be a sufficient showing that the jury could reasonably find for that party.”[62]

         III. Discussion

         A. Daubert Motions

         1. Micah Sherr

         The Defendant moves to exclude the testimony of the Plaintiffs' expert Micah Sherr. The Defendant does not challenge Sherr's qualifications. Instead, the Defendant contends that Sherr's testimony fails to satisfy the relevance prong, because he did not apply his principles and methods reliably to the facts of the case. The Defendant asserts that Sherr's opinions regarding the ECPA are unreliable because they are based on an incorrect legal standard. The ECPA is only applicable to electronic communications that are intercepted, meaning acquired “contemporaneous with transmission.”[63] The Eleventh Circuit defines “contemporaneous with transmission” to mean the electronic communication is captured “in flight.”[64] The Defendant states that Sherr's reports and testimony do not apply the “in flight” standard. Specifically, SEI argues that “Sherr opines that a communication can be ‘intercepted' for purposes of the ECPA if it is captured ‘in close time proximity' to transmission, rather than during transmission.”[65] In response, the Plaintiffs assert that Sherr is not creating a different legal standard, and that Sherr's testimony should not be excluded merely because he did not use the phrase “in flight.”[66] They point out that Sherr testified that Detective Mode's functions could capture electronic information contemporaneously with its transmission.[67]

         The Court finds that the expert Sherr's opinion should not be excluded. Some courts have concluded that receipt of the electronic communication “within a second” is contemporaneous.[68] But what qualifies as contemporaneous with transmission is “not so well-defined or beyond reasonable argument that th[e] issue[] should be effectively decided by a Daubert order.”[69] Sherr opined that Detective Mode's keystroke feature is capable of intercepting communication “nearly at the instant the communication is transmitted over the network.”[70] He further noted that “[s]ince PCRA with Detective Mode continuously captures keystrokes as they occur, any and all typed communication will be intercepted at the time in which the user inputs the communication.”[71] Sherr's opinions and testimony do not strike the Court as unreliable. They provide at least a reasonable argument as to what qualifies as contemporaneous in the context of Detective Mode. The Court therefore declines to exclude Sherr's opinions and testimony regarding the contemporaneous interception of electronic communications. The issue of what constitutes a contemporaneous interception will be addressed in the context of the Defendant's Motion for Summary Judgment.

         Next, the Defendant seeks to exclude Sherr's opinions related to the Plaintiffs' computer trespass claims. The Plaintiffs allege that the Defendant committed computer trespass under O.C.G.A. § 16-9-93(b). To commit a computer trespass under O.C.G.A. §16-9-93(b), a person must use a computer with the knowledge that he or she is without authority to use it and with the intention of “[o]bstructing, interrupting, or in any way interfering with the use of a computer program or data.”[72] In addition, the plaintiff's person or property must be damaged via the computer trespass.[73] The Plaintiffs here allege that the installation of PCRA constitutes a computer trespass because PCRA made the leased computers sluggish. In support of their allegations, the Plaintiffs rely on Sherr's opinions regarding PCRA's purported flaws. In his expert report, Sherr identified three alleged flaws - weakened security, memory leak, and data loss - which the Plaintiffs contend caused the alleged sluggishness.[74] The Defendant argues that Sherr's opinions regarding the purported flaws are speculative, because they are based on a limited review of the PCRA source code, not on an actual computer with PCRA installed. The Defendant also notes that Sherr's testimony fails to account for obvious alternative causes for the alleged damage.

         The Court agrees with the Defendant. Sherr's opinions with regard to the speed of the computers are unsupported speculations that do not assist the trier of fact. In his report, Sherr opines that by removing various security features on the computer operating system, PCRA increased the likelihood of a malware infection.[75] And because malware may cause a computer to run slow, PCRA may be to blame for the alleged sluggishness.[76] For memory leak and data loss, Sherr opined that “[b]oth memory leaks and memory corruption can contribute to (1) the ‘sluggishness' of a computer and (2) the stability of the software running on that computer, ” and that he “found numerous instances in which PCRA can cause loss of user data.”[77] “For example, PCRA could cause the contents of an email that is being composed in an Internet browser to be permanently lost. Additionally, PCRA may cause additional data loss by preventing access to critical components of the operating system that are intended to help the user recover lost data.”[78] These equivocal statements with regard to the cause of the alleged computer damage do not assist the trier of fact to determine causation.[79] To assist the trier of fact, the evidence presented must be relevant. Federal Rule of Evidence 401 defines relevant evidence as having “any tendency to make a fact more or less probable than it would be without the evidence.”[80] Sherr's consistent use of “may, ” “can, ” and “could” makes Sherr's statements merely possible, not more probable.[81] A statement that something is merely possible “does not ‘logically advance a material aspect of [the Plaintiffs'] case.'”[82] Thus, the Court grants the Defendant's Motion to Exclude Sherr's opinions regarding computer performance.

         2. Michael Maschke

         The Defendant seeks to exclude the opinions of the Plaintiffs' expert, Michael Maschke. The Defendant asserts that Maschke's opinions are unreliable, because they are based on cursory and unscientific examinations of computers with PCRA. However, the Court finds the Defendant's Motion to be premature. The Plaintiffs do not rely on Maschke's opinions in their response to the Defendant's Motion for Summary Judgment. Moreover, the Plaintiffs state that they have not decided whether they will use the Maschke's testimony at trial.[83] The Court therefore denies without prejudice the Defendant's Motion to Exclude the Testimony of Michael Maschke.[84]

         B. Robertsons' Claims

          1. Standing

         The Defendant asserts that the Plaintiffs Chauncey Robertson, Sr. and Jamie Robertson do not have standing to allege any claims based on the Defendant's use of Detective Mode. The Robertsons were not originally part of the instant lawsuit. They were added as a party on June 18, 2014, when the Plaintiffs filed a First Amended Complaint.[85] In the original Complaint, none of the named Plaintiffs alleged that Detective Mode was installed on their computers. As a result, the Defendant contends that because “at least one named class representative must have Article III standing to raise each subclaim” in a Complaint, the Plaintiffs cannot amend their Complaint to add the Robertsons' claims based on Detective Mode.[86]

         The Court disagrees. The case the Defendant cites in support of its argument is distinguishable. In Wright v. Dougherty County, Georgia, the Eleventh Circuit held that because a plaintiff lacked standing to bring any claim against the defendant, the plaintiff “also lack[ed] standing to amend the complaint to consolidate with a party who may have standing.”[87] Here, the Defendant does not challenge the original Plaintiffs' standing to assert claims based on the Defendant's use of PCRA. And because the original Plaintiffs have standing to assert their original claims, the original Plaintiffs also have the right to seek leave to amend their Complaint to add additional plaintiffs. Indeed, the Plaintiffs sought leave, and the Court granted it.[88] The Court therefore concludes that the Robertsons have standing to assert all of their claims.

         2. Invasion of Privacy - Detective Mode

         In Count I of their Second Amended Complaint, the Plaintiffs assert an invasion of privacy/intrusion on seclusion claim. The Plaintiffs allege that the Defendant's activation of Detective Mode on the Robertsons' computer invaded the Robertsons' privacy. The Defendant contends that the Robertsons' invasion of privacy claim based on the Detective Mode activation is barred by the applicable statute of limitations.[89]For privacy torts, Georgia applies a two-year statute of limitations, and “the statute of limitation generally begins to run at the time damage caused by a tortious act occurs.”[90] As noted above, Detective Mode was activated on the Robertsons' computer on November 9-10, 2010. Thus, the Robertsons' statute of limitations expired on November 10, 2012, which is, of course, well before the filing of the instant class action on April 23, 2014. Moreover, because no class actions were filed prior to November 10, 2012, no class action tolled the Robertsons' claim. As a result, the Robertsons' invasion of privacy of claim, insofar as it is based on the Defendant's activation of Detective Mode, is time barred.

         3. Invasion of Privacy - PCRA

         The Plaintiffs also allege that the Defendant's installation of PCRA on the Robertsons' computer invaded the Robertsons' privacy. The Defendant, once again, asserts that the Robertsons' claim is time barred. The Robertsons returned their computer to SEI on June 27, 2011. As a result, any invasion of privacy claim had to be filed by June 27, 2013. However, the Plaintiffs contend that, pursuant to the rule of American Pipe & Construction Co. v. Utah, [91] the Robertsons' claim was tolled by a prior class action. On March 5, 2013, Gwendolyn Sneed filed a putative class action against SEI, alleging claims for invasion of privacy based on SEI's activation of Detective Mode and installation of PCRA.[92] Then, on May 20, 2014, Sneed voluntarily dismissed her case prior to the district court's ruling on class certification.[93] According to the Plaintiffs, the Sneed action tolled the Robertsons' invasion of privacy claim.

         In American Pipe, the Supreme Court held that “the commencement of a class action suspends the applicable statute of limitations as to all asserted members of the class who would have been parties had the suit been permitted to continue as a class action.”[94] If and when class certification is denied, the limitations period begins to run.[95] The Defendant counters that the Robertsons' claim cannot be tolled because the Sneed action was voluntarily dismissed. It is generally accepted that a voluntarily dismissed complaint does not toll the statute of limitations.[96] “This is because the law treats a voluntarily dismissed complaint as if it never had been filed.”[97] The question therefore becomes how the general rule regarding voluntarily dismissed complaints affects a subsequent class action based on the same conduct.

         In arguing that the general rule is inapplicable, the Plaintiffs rely on Sawyer v. Atlas Heating and Sheet Metal Works, Inc.[98] There, the Seventh Circuit held that “[t]olling lasts from the day a class claim is asserted until the day the suit is conclusively not a class action - which may be because the judge rules adversely to the plaintiff, or because the plaintiff reads the handwriting on the wall and decides not to throw good money after bad.”[99] Thus, the Seventh Circuit held that a voluntarily dismissed class action does toll the putative class members' individual claims. The Seventh Circuit then answered an additional, more contested question: whether a successive class action that relies on American Pipe's tolling principle may proceed as a class action when the prior class action complaint was voluntarily dismissed. In answering this question in the affirmative, the Seventh Circuit held that a successive class action is precluded by a prior class action only when a “court denies certification for a reason that would be equally applicable to any later suit - for example, that the supposed victims are too few to justify class litigation . . . then members of the asserted class are bound by that decision.”[100] But if the court denied certification in the first class action because the class representative was inappropriate, “then there is no basis for binding other members of the putative class, who have yet to receive a judicial decision on the question whether a class is certifiable under Rule 23.”[101]

         The Eleventh Circuit disagrees with the Seventh Circuit's approach regarding prior class actions. In Ewing Industries Corp. v. Bob Wines Nursery, Inc., the Eleventh Circuit, citing Griffin v. Singletary, held that a prior class action that was dismissed because of an inadequate class representative - and not because of a defect in the class itself - did not toll the statute of limitations for a subsequent class action.[102] Thus, unlike the Seventh Circuit in Sawyer, the Eleventh Circuit found that every proposed class is not entitled to at least one attempt at class certification.[103] The court noted that its holding prevented “the potential for multiple rounds of litigation as the class seeks an adequate class representative.”[104] In accordance with the principle laid out in Ewing Industries, the Court finds that the Sneed action did not toll the Robertsons' class claim for invasion of privacy. If a named plaintiff's voluntarily dismissal of a class action tolled all future class action claims, the potential for “piggybacked” class actions arises. The initial class counsel could determine a class representative is inadequate and preemptively seek a voluntarily dismissal. Then, the class action could be filed again and again, with the hopes of finding an adequate representative. The Eleventh Circuit warned against “adopt[ing] any rule that has the potential for prolonging litigation about class representation even further.”[105] The Court will follow the Eleventh Circuit's warning: the Robertsons may not pursue their invasion of privacy claim as a class claim.

         Nevertheless, the Court finds that the Robertsons may pursue their invasion of privacy claim as an individual claim. Relying on In re IndyMac Mortgage-Backed Securities Litigation, the Defendant argues that the Robertsons' individual invasion of privacy claim should be dismissed. In that case, the plaintiffs argued that their claims were tolled by a prior class action complaint.[106] But the Southern District of New York held that the American Pipe rule does not apply where the initial complaint was dismissed voluntarily.[107] The court stated that because a voluntarily dismissed complaint is treated as if it was never filed, the initial complaint cannot toll the plaintiffs' claims.[108] It is unclear to the Court, however, whether the In re IndyMac court was referring to the plaintiffs' class claims or individual claims. The court's opinion does not clearly delineate between the two. Even so, it seems rather harsh to find a putative class member's individual claims are not tolled based on the whims of the class representative. As a result, the Court finds that the American Pipe rule is applicable to the Robertsons' individual invasion of privacy claim based on the Defendant's use of PCRA.

         Next, the Defendant argues that the Robertsons' PCRA invasion of privacy claim fails because no private data was captured. Before the Court can address this issue, however, it must determine whether Georgia law is applicable to the Robertsons' invasion of privacy claim. The Defendant contends that Connecticut law should apply to the Plaintiffs' claim. Though not completely clear to the Court, the Plaintiffs appear to assert that Georgia law should apply.[109] A federal court sitting in diversity applies the choice of law rules of the forum state to determine which law applies.[110] Therefore, the Georgia choice of law rules apply here. Georgia follows the doctrine of lex loci delicti:[111]

The general rule is that the place of the wrong, the locus delecti, is the place where the injury was suffered rather than the place where the act was committed, or, as it is sometimes more generally put, it is the place where the last event necessary to make an actor liable for the alleged tort takes place.[112]

         Thus, the substantive law of the jurisdiction where each Plaintiff suffered harm would apply to their claims. However, Georgia choice of law doctrine applies a unique exception to the lex loci delicti doctrine. When a harm is suffered out of state, the application of that state's laws “is limited to statutes and decisions construing those statutes.”[113] If no statute is relevant, Georgia common law applies to the parties' claims.[114]

         Nevertheless, Georgia common law will not apply if its application is inconsistent with due process. To determine whether the application of Georgia law to the Plaintiffs' claim is consistent with due process, “the court must analyze whether the State of Georgia has ‘significant contact or significant aggregation of contacts to the claims asserted by each . . . [Plaintiff], contacts creating state interests, in order to ensure that the choice of Georgia law is not arbitrary or unfair.'”[115] Here, the Defendant SEI is a Georgia corporation with its principal place of business in Atlanta, Georgia. SEI purchased PCRA from its Atlanta office and made payments for the spyware from its Atlanta office.[116] But these are the only contacts to the state of Georgia. The Robertsons, who live in Connecticut, leased their computer from an SEI store in Connecticut. PCRA was installed on their leased computer at the Connecticut store, and any information gathered through PCRA would have been sent to an SEI employee at the Connecticut store. Finally, the Robertsons do not allege that they used their computer outside of the state of Connecticut.[117] As a result, the Court finds that Connecticut law should apply to the Robertsons' invasion of privacy claim.

         Connecticut follows the Restatement (Second) of Torts' definition of intrusion upon seclusion: “intentionally intrud[ing], physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns . . . if the intrusion would be highly offensive to a reasonable person.”[118] The Defendant contends that the Robertsons' claim fails because PCRA - without Detective Mode installed and activated - was incapable of collecting private information.[119] Rather, PCRA was only capable of capturing the IP address of the computer, which, according to the Defendant, is not highly offensive to a reasonable person. In response, the Plaintiffs argue that mere installation of PCRA is offensive to a reasonable person, because the Defendant was capable of installing Detective Mode through PCRA. They cite Koeppel v. Spiers in support of their argument.

         In Koeppel, the Iowa Supreme Court addressed the question of “whether the harm sought to be remedied by the [intrusion upon seclusion] tort is caused by accessing information from the plaintiff in a private place or by placing mechanisms in a private place that are capable of doing so at the hand of the defendant.”[120] After a review of the relevant case law, the Koeppel court held that placing a device into private place that is capable of capturing private information is sufficient to state an intrusion upon seclusion claim.[121]

         Based on a review of Connecticut case law, it does not appear that the Connecticut courts have weighed in on the issue. Nevertheless, the Court finds that the instant case is distinguishable from the circumstances in Koeppel. In Koeppel, the plaintiff brought suit against her employer after it was discovered that the employer installed a hidden camera in a workplace bathroom.[122] The employer contended that the plaintiff could not assert an invasion of privacy claim, because the camera never actually worked.[123] But the plaintiff submitted evidence that the camera was potentially capable of working when a fresh battery was in place.[124] The court held that because there was evidence that the camera was potentially capable of working, the plaintiff's claim could survive summary judgment.[125]

         Here, the parties do not dispute that PCRA was incapable of capturing any private information. The Defendant needed to separately install and activate Detective Mode in order to potentially capture private information. The Court finds that this fact differentiates the instant case from the cases cited by the Plaintiffs. Those cases all involve circumstances where a person was subjected to a functioning recording device.[126] Outside of the two days Detective Mode was installed on the Robertsons' computer, the Robertsons' computer was only installed with PCRA. Because PCRA was incapable of capturing private information, the Robertsons' intrusion upon seclusion claim cannot survive. The Court therefore grants the Defendant's Motion for Summary Judgment with regard to the Robertsons' invasion of privacy claim.

         4. Georgia Computer Systems Protection Act

         The Georgia Computer Systems Protection Act (“GCSPA”) prohibits, inter alia, “computer trespass” and “computer invasion of privacy.”[127] “Any person whose property or person is injured by reason of a violation” of the GCSPA may bring an action for damages.[128] The Robertsons allege that the installation of PCRA constitutes both a computer trespass and a computer invasion of privacy. The GCSPA does not apply extraterritorially.[129] Thus, in order to assert a claim under the GCSPA, a plaintiff's claim must have a sufficient connection to Georgia. The Defendant argues that none of the alleged injuries or unlawful acts took place in Georgia. It points to the following facts. The Robertsons, who are residents of Connecticut, leased their computer from an SEI store in Meriden, Connecticut.[130] PCRA was installed on the Robertsons' computer by an SEI employee at the Meriden store.[131] The Robertsons never used their computer outside of the state of Connecticut.[132] Any data received through PCRA was routed through a DesignerWare server in Pennsylvania and was emailed to SEI employees in Connecticut.[133] The employee who activated Detective Mode on the Robertsons' computer was located in Connecticut.[134]

         According to the Defendant, this case is very similar to Peterson v. Aaron's, Inc.[135] In Peterson, this Court held that the plaintiffs could not assert a claim under the GCSPA because none of the alleged injuries or illegal conduct occurred in Georgia.[136]There, the plaintiffs, who were residents of Colorado and Oklahoma, leased a computer from a Montana-based franchisee store located in Colorado.[137] In response, the Plaintiffs point out a few differences between Peterson and the instant action. First, SEI is a Georgia-based franchisee. Second, SEI purchased PCRA from its Atlanta office and made payments for the spyware from the Atlanta office. Third, the Plaintiffs allege that SEI's employees used “Aarons.com” email addresses for the installation and operation of PCRA, and they point out that the Aaron's email server is located in Atlanta.[138]

         Despite SEI's connections to Georgia, the Court finds that the Plaintiffs cannot bring a claim under the GCSPA. To be sure, the instant case is a closer call than the Peterson case. Nevertheless, all of the alleged injuries and illegal conduct occurred outside the state of Georgia. The only allegation of illegal conduct that touches Georgia is contradicted by the evidence. The Plaintiffs allege that the Defendant installed PCRA through its employees' Aarons.com email addresses. But, according to the DesignerWare instruction manual, the computer does not connect to the internet until the installation process is complete.[139] Moreover, an SEI employee testified that PCRA was installed using a disk or thumb drive, not over the internet.[140] It was only after PCRA was successfully installed and connected to the internet that an email would be sent to an SEI employee confirming the installation of PCRA.[141]

         The Plaintiffs also argue that SEI's payments to DesignerWare from its Georgia office are sufficient contacts to Georgia. They cite the venue provision of the GCSPA in support of their contention. The venue provision states: “any violation of this article shall be considered to have been committed . . . (3) in any county in which any act was performed in furtherance of any transaction which violated this article[.]”[142] But, as the Defendant points out, this venue provision is only for the purpose of determining venue. Where, as here, all of the allegedly unlawful acts and injuries occurred outside the state of Georgia, the Court is unconvinced a plaintiff should be able to bring a claim under the GCSPA. Accordingly, the Defendant's Motion for Summary Judgment with regard to the Robertsons' GCSPA claim should be granted.

         5. Violation of the Electronic Communications Privacy Act

          The Robertsons assert claims under 18 U.S.C. § 2511(1)(a)(c) and (d) of the Electronic Communications Protection Act (“ECPA”). As previously discussed, the ECPA imposes criminal and civil liability on any person who “intentionally intercepts . . . any wire, oral or electronic communication.”[143] The ECPA also imposes liability on any person who “intentionally discloses” or “intentionally uses” the contents of an electronic communication if that person knows, or has reason to know, that the communication was intercepted in violation of the Act.[144] Therefore, in order to assert a claim under the ECPA, a plaintiff must prove that his or her communication was “intercepted.” The Eleventh Circuit has adopted a narrow reading of the term intercept in the context of electronic communications. Specifically, to prove an interception occurred, the electronic communications must have been acquired “contemporaneously with their transmission.”[145] Electronic communications are not intercepted under the ECPA if they are retrieved from storage.[146] In United States v. Steiger, for example, the Eleventh Circuit held that a computer hacker had not “obtained [information] through contemporaneous acquisition of electronic communications while in flight. Rather, the evidence show[ed] that the source used a Trojan Horse virus that enabled him to access and download information on . . . [the] personal computer.”[147]

         What qualifies as a contemporaneous interception is hotly disputed in most ECPA cases. This case is no different. Detective Mode is capable of capturing four different kinds of data from a computer: screen shots, clipboard content, key strokes, and web camera images and/or videos.[148] But both parties specifically focus on screenshots and keystrokes in their briefs and expert reports. The Defendant contends that the Plaintiffs cannot prove a contemporaneous interception occurred, because Detective Mode cannot capture communications while they are “in flight.” The Defendant's expert, Professor Patrick McDaniel, concluded that Detective Mode “collects data from memory where it is stored locally on the machine.”[149] For example, “any data collected from the keyboard would not be captured simultaneous with transmission because it would be collected before it was sent.”[150] Professor McDaniel also noted that common tools for capturing data in flight - wire tapping, network data packeting sniffing, and packet capture - were not contained within the PCRA software.[151]

         In response, the Plaintiffs cite their expert, Micah Sherr, who opined that PCRA is capable of capturing information simultaneously with its transmission. Sherr asserted that “screenshot interceptions capture the contents of the user's display the instant the screenshot was taken.”[152] Moreover, Sherr noted that PCRA captures keystrokes “as they occur, and hence any typed form of communication will be intercepted at the time at which the user inputs the communication.”[153] In a deposition, however, Sherr testified that PCRA captures information “[i]n close proximity” or “near in time” to its transmission.[154] This “near in time” capture happens at the “endpoints, ” meaning at the local machine, not over the network.[155] For example, when PCRA takes a screenshot, PCRA can capture an image of a communication from one computer to another very soon after the communication has arrived at the recipient's computer.[156]

         The issue, therefore, is whether PCRA's “near in time” capabilities constitute an interception under the PCRA. For its keystroke function, the Court finds PCRA does not “intercept” within the meaning of the ECPA. Based on the evidence put forth, it is clear that the keystroke function records typed-letters before they are transmitted, and thus it is only capturing the transmissions between the keyboard and the computer. Several courts have found that such keystroke functions are not capturing “electronic communications” that affect commerce.[157]

         Detective Mode's screenshot function presents a more difficult question. Few courts have examined screenshot technology under the ECPA. Nevertheless, the Plaintiffs contend that Shefts v. Petrakis supports their argument that a screenshot that captures an image of a communication on a computer is contemporaneously copying the communication as it is transmitted. In Shefts, the plaintiff alleged that the defendants intercepted messages from his web-based email account by using a software called SpectorPro.[158] Similar to Detective Mode, SpectorPro operated by taking images of the user's activities on the computer.[159] The Shefts court held that the screen-captures constituted an interception under the ECPA.[160] It found that “any emails sent by Plaintiff on his Yahoo! account via his desktop computer would have been captured by SpectorPro as they were transmitted to Yahoo! via the internet.”[161]

          The Court, however, finds that SpectorPro is distinguishable from PCRA's Detective Mode. According to the Shefts court, SpectorPro was “always on, ” meaning it was constantly capturing screenshots.[162] Therefore - by default - it “capture[d] all communications simultaneously with their transmission.”[163] But Detective Mode's screen-capture function was not always running. Instead, according to the Plaintiffs' expert, it took screenshots every two minutes.[164] This means that Detective Mode did not automatically capture all communications simultaneously with their transmission. In fact, Detective Mode's screen-capture function is more akin to a different intercepting device discussed in Shefts. Specifically, the Shefts court found that “where the allegedly intercepting device operates only intermittently (rather than continuously, as in the SpectorPro instance), the amount of time between the transmission and interception by the spy is not the primary determining factor, but rather the fact that interception was automatically triggered by transmission or reception.”[165] The court went on to find that because the intercepting device at issue “did not acquire the text messages as they were transmitted to or from Plaintiff, but acquired them from the Blackberry at predetermined intervals, ” it could not find that the device intercepted the messages under the ECPA.[166] Here, Detective Mode's screen-capture function is not triggered by the transmission or reception of electronic communications. Instead, it took a screenshot at predetermined intervals. Even if the Plaintiffs can show that a screenshot or two occurred in close proximity to an electronic communication, that does not mean the screenshot captured the communication simultaneously with its transmission. Indeed, there is no evidence to demonstrate that a screenshot was ever triggered by a communication. As a result, the Court finds that Detective Mode's screenshot function did not intercept the Robertsons' electronic communications under the ECPA. The Defendant's Motion for Summary Judgment with regard to the Plaintiffs' ECPA claim is granted.

         C. Cason's and Krise's Claims

          The Plaintiffs Corie Cason and Karen Krise allege both invasion of privacy and violation of the GCSPA. In their Response Brief, the Plaintiffs agreed with the Defendant's choice of law analysis and stated that Cason's and Krise's common law invasion of privacy claims should be dismissed.[167] Accordingly, the Defendant's Motion for Summary Judgment regarding the Plaintiffs Cason's and Krise's common law invasion of privacy claims is granted. As for Cason's and Krise's GCPSA claims, the Court reaches the same conclusion as it did with regard to the Robertsons' GCPSA claim. The Plaintiff Cason leased her computer from an SEI store in Buffalo, New York and never took the computer to Georgia.[168] PCRA was installed on her computer at the Buffalo store.[169] Detective Mode was never installed on Cason's computer and any information gathered from PCRA would have been emailed to a Buffalo store employee.[170] Similarly, the Plaintiff Krise leased her computer from a store in Massena, New York.[171] PCRA was installed on her computer at the time of the lease.[172] Krise does not allege that she ever took the computer to Georgia.[173] It is undisputed that Detective Mode was never installed on Krise's computer, and any information gathered through PCRA would have been sent to an employee at the Massena store.[174] Moreover, both lockdowns of the Plaintiff Krise's computer were executed by employees at the Massena store.[175] As the Court explained above, it is unwilling to allow the Plaintiffs' GCSPA claims to move forward when none of the alleged illegal conduct and injuries occurred in Georgia. The Defendant's Motion for Summary Judgment is granted as to the Plaintiffs Cason's and Krise's GCSPA Claims. [176]

         IV. Conclusion

         For these reasons, the Defendant's Motion to Exclude the Testimony of Micah Sherr [Doc. 104] is GRANTED in part and DENIED in part; the Defendant's Motion to Exclude the Testimony of Michael Maschke [Doc. 111] is DENIED; and the Defendant's Motion for Summary Judgment [Doc. 97] is GRANTED.

         SO ORDERED.

---------

Notes:

[1] Pls.' Statement of Facts ¶ 21.

[2] Def.'s Statement of Facts ¶ 1.

[3] Id. ¶ 3.

[4] Id. ¶ 10.

[5] Id.

[6] Id. ¶ 34.

[7] Id. ¶ 35. It is undisputed that SEI never attempted to track any of the Plaintiffs' computers using the geolocation feature. Id. ¶¶ 105, 143.

[8] Id. ¶ 11.

[9] Id. ¶ 12. It is undisputed that PCRA, by itself, could not capture this type of data. Id ...


Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.