Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Two New Decisions on the Wiretap Act and Secondary Liability

Posted in Advertising & Marketing, Litigation, Online, United States

The last two weeks have brought two important decisions in the ongoing litigation over behavioral advertising firm NebuAd’s alleged use of a device to intercept data from ISP networks. Several ISPs allegedly permitted NebuAd to install an “appliance” on their networks in order to collect and analyze subscriber data for ad targeting purposes.  In lawsuits that began to be filed in 2008, plaintiffs have alleged that NebuAd–and the ISPs with which it allegedly partnered– violated Title I of the Electronic Communications Privacy Act (i.e., the Wiretap Act) as well as other federal and state laws.  Plaintiffs have sued the ISPs in separate suits around the country.  Two of these suits–against ISPs Embarq and WideOpen West (“WOW”)–yielded decisions in favor of the ISPs last week. 

Kirch v. Embarq Management Co. was filed in the District of Kansas against the CenturyLink subsidiary Embarq.   After completing fact and expert discovery in the district court, Embarq obtained summary judgment based on the argument that the ISP could not be held liable under the Wiretap Act because the plaintiffs had not shown that Embarq (as opposed to NebuAd) had actually “intercepted” any communications.  Moreover, the court held that Embarq could not be held liable for aiding and abetting NebuAd because the Act does not provide such secondary liability in the civil context. 

The Tenth Circuit affirmed these holdings last week.  Although the trade press and bloggers have focused on the court’s holding that there is no civil liability for aiding and abetting under the Wiretap Act, this aspect of the decision is less remarkable, as a number of courts, including at the circuit level, have held this in the past. 

Perhaps more interesting is the Tenth Circuit’s discussion of the “ordinary course of business” (or “business use”) exclusion in the statute.  The court explained that the exclusion permits ISPs to access data travelling over their networks in the ordinary course of business; thus, to the extent Embarq had access to the data that NebuAd intercepted, that access was permitted.   While the lower court seemed to suggest that if Embarq had “acquired” (rather than merely “accessed”) such data it might have violated the Wiretap Act, the Tenth Circuit explained that even if the data had been “acquired” by the ISP, there still would not have been an actionable “interception.”   In fact, the court seemed to suggest that, as long as Embarq did not gain “access to . . . more of its users’ electronic communications than it had in the ordinary course of its business as an ISP,” its activities were protected by the business use exception. 

Only a week earlier, a district court reached a very similar decision Valentine v. WideOpen West Finance, LLC, which also concerns an ISP’s alleged partnership with NebuAd Judge Edmond E. Chang of the Northern District of Illinois dismissed plaintiffs’ claim that the WOW violated the Wiretap Act by intercepting their communications.  (Judge Chang noted that the parties did not brief the issues of whether WOW is liable for using or disclosing intercepted communications, which is independently actionable conduct under the Wiretap Act.)  Like the Tenth Circuit in Embarq, Judge Chang held that WOW could not be liable for aiding and abetting NebuAd’s interception of the plaintiffs’ communications.