Friday, December 06, 2013

software is a "good" but California claims still fail

Haskins v. Symantec Corporation, 2013 WL 6234610, No. 13-cv-01834-JST  (N.D. Cal. Dec. 2, 2013)

In 2006, hackers infiltrated Symantec’s network and stole the source code used in the 2006 versions of its antivirus etc. products. Symantec allegedly knew this, but neither performed a reasonable investigation into the breach nor informed consumers. Haskins bought Symantec’s Norton Antivirus software online in late 2007 or early 2008.  She alleged that she was exposed to Symantec’s claims on its website that Norton Antivirus provided computer, data, and email security by, inter alia, blocking viruses and spyware, that she bought the product unaware that it was compromised and believing that it would protect her, and that had she known the truth she wouldn’t have bought the product.  “In 2012, a hacking group publicly claimed to possess the 2006 stolen source code and posted certain code on the internet, and Symantec disclosed for the first time that its systems had been breached in 2006 and the source code stolen.”

The court first found that Rule 9(b) applied to the UCL and CLRA claims.  Haskins identified specific statements on Symantec’s website and in its ads, e.g., the products are supposed to “secure and manage ... information against more risks” and “eliminate risks to information, technology and processes....”  Symantec argued that this was insufficient because she failed to identify any specific ad she saw and relied on, and that these statements were mere puffery.

Haskins did identify specific statements in ads, and appended the relevant documents.  Also, Tobacco II said that plaintiffs can sometimes state a UCL claim without showing that they viewed any particular ad where misrepresentations were part of an extensive, longterm ad campaign.  If a plaintiff can prevail at trial without showing that she saw any specific ad, Rule 9(b) shouldn’t have a higher standard; that would turn Rule 9(b) from a procedural rule to a substantive one.

Even named class members can have standing without proof they saw a specific ad under Tobacco II, but that case offers a narrow exception to the general rule where the defendants engaged in decades-long saturation advertising.  Here, Haskins based her allegations on ads 2006-2012, while purchasing in 2007/2008.  To have standing, she’d have to allege that she was in a Tobacco II situation, and also that the long-term ad campaign to which she was exposed affected her purchase decision. This complaint didn’t, though the court would allow her to amend.

Symantec also argued that the claims were mostly nonactionable puffery.  But that apparently conceded that some of the claims weren’t.  Plus, even statements that might be puffery standing alone can in context contribute to deception and be actionable.  But the court accepted Symantec’s argument that Haskins didn’t provide enough explanation of what was false.  Though she attached the ads she was attacking and therefore Symantec was on notice, she still didn’t “set forth what is false or misleading about a statement, and why it is false” with sufficient particularity—she appended “nearly the entirety of Symantec’s 2006–12 advertisements for, and website descriptions of, the Products.” Even claims for fraud by omission need to identify the information Symantec communicated “that was rendered misleading by the failure to disclose the 2006 source code theft.”  Her burden was to “at least make a prima facie explanation of how each of the complained-of statements constitute fraud.”  Thus, the complaint was dismissed, but the court went on to address a few other issues in case she filed an amended complaint.

Haskins needed to show injury to have standing under the UCL; that can come from paying more than she would otherwise have been willing to pay because the product was not as advertised.  Symantec argued that she didn’t have standing because she didn’t allege that she viewed any specific ad or representation, but this didn’t necessarily matter under Tobacco II.  If she could win at trial on a long-term ad campaign theory, her economic injury is the purchase that wouldn’t have occurred but for the misrepresentation.  Likewise, on a motion to dismiss, such harm would at least plausibly ground a claim of “unfair” business practices, as well as fraudulent ones.  The same theory would give her CLRA standing.

Symantec argued that software wasn’t “goods” or “services” covered by the CLRA. The court disagreed, in a brief but pithy discussion.  Goods are “tangible chattels bought or leased for use primarily for personal, family, or household purposes.”  Symantec argued that (1) because Haskins downloaded the software, it wasn’t a tangible chattel, and (2) all software is outside the CLRA even if purchased on disk.  The CLRA’s language is from 1970.  “It seems unlikely that the Legislature knowingly exempted computer software from the CLRA’s scope two years before the invention of Pong.”  More likely, the legislature meant to exempt credit and insurance from the scope of the law, “since those commodities are inherently intangible promises which have no direct and concrete impact on the physical universe.” 

Of course, that reasoning wouldn’t justify expanding the statute beyond its terms.  But “tangible” means “[h]aving or possessing physical form; corporeal.” Symantec’s software is often purchased in physical form, as other “goods” are; other intangibles aren’t. Plus, even downloaded, “it works a physical change on a physical hard drive. It possesses corporeal form in a way that credit or insurance inherently cannot.”

Symantec argued that the disk was irrelevant, “nothing but a physical mechanism for delivering a nonphysical right to use intangible software.”  That was slicing the salami too thinly.  A book is a “tangible chattel,” despite being “merely a delivery mechanism for the transmission of information.”  By contrast, insurance contracts and credit cards aren’t delivery mechanisms, but physical representations of an intangible agreement.  “Consumers do not purchase software discs or books to memorialize or prove the existence of an agreement; they purchase the objects to possess and use them. As a physical object purchased for a consumer’s use, a software disc is a tangible chattel.”
Though it was a close call, the court deferred to the CLRA’s own instruction to construe the statute liberally.  At least where there’s a physical version, construing the statute to cover only the in-store version wouldn’t be a liberal construction. 

No comments: