Hazel v. Prudential Financial, Inc.

N.D. Cal.4/17/2025
View on CourtListener

AI Case Brief

Generate an AI-powered case brief with:

📋Key Facts
⚖Legal Issues
📚Court Holding
💡Reasoning
🎯Significance

Estimated cost: $0.10–$0.50 per brief, depending on opinion length and retries

Full Opinion

1 2 3 4 5 IN THE UNITED STATES DISTRICT COURT 6 FOR THE NORTHERN DISTRICT OF CALIFORNIA 7 8 VALERIE TORRES and RHONDA Case No. 22-cv-07465 (CRB) HYMAN, ET AL., 9 Plaintiffs, ORDER GRANTING MOTION FOR 10 SUMMARY JUDGMENT v. 11 PRUDENTIAL FINANCIAL, INC., 12 ACTIVEPROSPECT, INC., AND ASSURANCE IQ, LLC., 13 Defendants. 14 15 This action is the latest in a line of cases challenging the use of third-party software 16 to record website visitor activity without their knowledge. Plaintiffs sue Defendants 17 ActiveProspect, Prudential Financial, and Assurance IQ, alleging that ActiveProspect 18 violated the California Invasion of Privacy Act by intercepting, recording, and storing real- 19 time interactions with a webform on Prudential’s website without consent. Plaintiffs 20 further allege that Prudential and Assurance violated CIPA by employing ActiveProspect 21 and embedding its software services on the Prudential website without proper disclosure to 22 website users. Defendants move for summary judgment on the basis that there is no 23 genuine dispute of material fact as to whether ActiveProspect read or attempted to read the 24 contents of Plaintiffs’ communications while they were in transit, as is required to establish 25 a section 631 CIPA violation. The Court GRANTS Defendants’ motion. 26 I. BACKGROUND 27 A. Factual History 1 online webform for people to fill out in order to obtain a life insurance quote. SAC 2 (dkt. 56) ¶ 1. The webform prompted users to enter information about their demographics, 3 family situation, and medical history. Id. ¶ 45. Prudential and Assurance employed the 4 software vendor ActiveProspect and embedded its software product “TrustedForm” into 5 the source code of the webform. Id. ¶¶ 43, 47; Mot. (dkt. 93) at 2. 6 The moment a user interacted with the webform, TrustedForm collected user 7 metadata and recorded the interaction using a software tool called “event listeners.” Polish 8 Decl. (dkt. 93-30) ¶ 32; Wolfe Decl. (dkt. 93-29) ¶¶ 15, 19. Event listeners detect button 9 clicks, mouse movements, and keyboard inputs. Polish Decl. ¶ 32. TrustedForm then 10 generates a “TrustedForm Certificate” that contains the event data and sends a 11 corresponding “TrustedForm Certificate URL” to the website owner. Wolfe Decl. ¶¶ 9, 12 13. Each TrustedForm Certificate includes a “session replay,” which is a recreation of the 13 events that took place on the webform including, but not limited to, any user-submitted 14 data. Rafferty Dep. (dkt. 105-3) at 26:19–27:22; Wolfe Decl. ¶ 14. 15 TrustedForm Certificates are encrypted and transmitted to ActiveProspect’s servers 16 for storage. Wolfe Decl. ¶ 17. Some values in the webform, like emails, are normalized 17 and hashed prior to transmission to the servers. Williams Dep. (dkt. 105-5) at 174:12–24. 18 To retrieve a TrustedForm Certificate, the website owner must have the associated 19 TrustedForm Certificate URL. Wolfe Decl. ¶ 44–45. So, for example, Prudential and 20 Assurance can claim and retrieve a TrustedForm Certificate through their TrustedForm 21 accounts by clicking the associated TrustedForm Certificate URL that is sent to them when 22 the TrustedForm Certificate is created. Id. ¶ 37. 23 Select ActiveProspect employees are “superusers” who can access the accounts of 24 accountholders and also view TrustedForm Certificates and session replays. Wolfe Dep. 25 (dkt. 105-8) at 162:14–163:2, 145:15–146:13. As far as the record reveals, these 26 employees access TrustedForm accounts only for troubleshooting purposes. Wolfe Dep. at 27 162:21–25; Williams Dep. at 123:11–124:10. 1 entered the requested information to obtain a life insurance quote. SAC ¶¶ 67, 71. 2 Prudential did not expressly disclose to Plaintiffs that ActiveProspect was recording their 3 interactions with the form until Plaintiffs had already completed the form and clicked “Get 4 an instant quote.” Id. ¶¶ 53, 54, 58. Plaintiffs assert that at the time they filled out the 5 form, they were not aware of and did not consent to ActiveProspect’s interception and 6 collection of their information, which of course went beyond the information that they 7 input into the form and included keystrokes, mouse clicks, and data inputs. Id. ¶¶ 70, 74. 8 B. Procedural History 9 In November 2022, Plaintiffs filed a class action complaint alleging that 10 Defendants’ use of TrustedForm violated section 631 of CIPA, the California Unfair 11 Competition Law, and Article 1 of the California Constitution. Compl. (dkt. 1). 12 Defendants moved to dismiss Plaintiffs’ claims. MTD (dkt. 21). The Court dismissed 13 Plaintiffs’ UCL claim but held that Plaintiffs had alleged sufficient facts to plausibly state 14 invasion of privacy claims under section 631 and the California Constitution. Order 15 (dkt. 29) at 11. Plaintiffs filed their Second Amended Complaint (SAC) on June 6, 2024. 16 On June 28, 2024, Plaintiffs sought class certification solely for their section 631 17 claim. Mot. for Class Cert. (dkt. 66). The Court granted Plaintiffs’ motion. Order 18 Granting Class Cert. (dkt. 97). In October 2024, the parties agreed to allow Defendants to 19 file the instant early summary judgment motion specifically as to legal issues that would 20 not require additional factual development. Joint Stip. (dkt. 86). 21 II. LEGAL STANDARD 22 Summary judgment is proper when there is “no genuine dispute as to any material 23 fact and the [moving party] is entitled to judgment as a matter of law.” Fed. R. Civ. P. 24 56(a). Material facts are those that may affect the outcome of the case. Anderson v. 25 Liberty Lobby, Inc., 477 U.S. 242, 248 (1986). A dispute is genuine if “the evidence is 26 such that a reasonable jury could return a verdict for the nonmoving party.” Id. 27 The moving party bears the initial burden of identifying those portions of the 1 material fact. Celotex Corp. v. Cattrett, 477 U.S. 317, 323 (1986). Once the moving party 2 meets its initial burden, the nonmoving party must go beyond the pleadings to demonstrate 3 the existence of a genuine dispute of material fact by “citing to particular parts of materials 4 in the record” or “showing that the materials cited do not establish the absence or presence 5 of a genuine dispute.” Fed. R. Civ. P. 56(c). If the nonmoving party fails to do so, “the 6 moving party is entitled to a judgment as a matter of law.” Celotex, 477 U.S. at 323. 7 III. DISCUSSION 8 The second prong of section 631 imposes liability where a person, “willfully and 9 without the consent of all parties to the communication, or in any unauthorized manner, 10 reads, or attempts to read, or to learn the contents or meaning of any message, report, or 11 communication while the same is in transit.” Cal. Penal Code § 631. Defendants make 12 two arguments as to why they cannot be liable under section 631. First, Defendants argue 13 that ActiveProspect does not constitute a third-party eavesdropper. Mot. at 12–20. 14 Second, Defendants argue that ActiveProspect did not read or attempt to read Plaintiffs’ 15 communications while the communications were in transit. Id. at 21–24. 16 A. Third-Party Eavesdropper 17 Liability under the second prong of section 631 attaches “only to eavesdropping by 18 a third party and not to recording by a participant to a conversation.” Warden v. Kahn, 99 19 Cal. App. 3d 805, 811 (1979); In re Facebook, Inc. Internet Tracking Litig., 956 F.3d 589, 20 607 (9th Cir. 2020). A third-party eavesdropper under section 631 is one who secretly 21 listens to conversations between two other parties or who receives “simultaneous 22 dissemination” of the “contents of a conversation.” Ribas v. Clark, 38 Cal. 3d 355, 360–61 23 (1985). In Ribas, for instance, the defendant was a friend of the plaintiff’s wife who 24 eavesdropped on a phone conversation between the plaintiff and his wife and later testified 25 to what she heard during an arbitration hearing. Id. at 358. The Court held that the 26 complaint properly charged the defendant under section 631 because the legislature 27 intended to prevent “eavesdropping, or the secret monitoring of conversations by third 1 never a secret to one party to a conversation that the other party is listening to the 2 conversation.” Rogers v. Ulrich, 52 Cal. App. 3d 894, 899 (1975). Thus, a participant to a 3 conversation who uses a tape recorder to record the communication, even surreptitiously, 4 is not liable under section 631. Id. at 897. 5 To evaluate whether a software service provider like ActiveProspect constitutes a 6 third-party listener as opposed to a participant in the conversation, courts assess whether 7 the software service “extends beyond the ordinary function of a tape recorder.” Yoon v. 8 Lululemon USA, Inc. 549 F. Supp. 3d 1073, 1081 (C.D. Cal. 2021); see also Javier v. 9 Assurance IQ, LLC, 649 F. Supp. 3d 891, 898 (N.D. Cal. 2023) (“the Court must decide 10 whether ActiveProspect is more akin to the tape recorder in Rogers, held by Assurance, or 11 the friend in Ribas (in which case, Assurance is the wife who allowed ActiveProspect to 12 listen in)”). This requires looking at the software vendor’s independent “capability to use 13 its record of the interaction for [another] purpose.” Cody v. Ring LLC, 718 F. Supp. 3d 14 993, 1002 (N.D. Cal. 2024) (quoting Javier, 649 F. Supp. 3d at 900). 15 For example, if software essentially functions as a wiretap that redirects a plaintiff’s 16 communications with a website page to a marketing company that can use the data for its 17 own ends, under section 631, the marketing company is not a party to the communication. 18 See Revitch v. New Moosejaw, LLC, No. 18-CV-06827-VC, 2019 WL 5485330, at *1 19 (N.D. Cal. Oct. 23, 2019) (denying motion to dismiss where plaintiff alleged that the 20 embedded software code redirected website interactions to a third-party in real time); In re 21 Facebook, Inc., 956 F.3d at 607–08 (denying motion to dismiss where Facebook used 22 software to track interactions between Facebook users’ browsers and other websites). 23 Conversely, if software functions only as a tool that, like a tape recorder, allows 24 participants to record and analyze the contents of their own communications, the software 25 vendor is not a third-party and no liability attaches. In Graham v. Noom, for example, the 26 court held that software used to capture data on behalf of a website owner functioned as a 27 mere recording tool because plaintiff did not allege that the software vendor “intercepted 1 though, to establish liability under section 631 a plaintiff need only show that the software 2 vendor is capable of using the data it collects for some other purpose; there is no statutory 3 requirement that the vendor actually did so. See Javier, 649 F. Supp. 3d at 900. Therefore, 4 a software vendor may be considered a third party even if it merely provides recording and 5 transmission services to a party to the communication. See Saleh v. Nike, Inc., 562 F. 6 Supp. 3d 503, 521 (C.D. Cal. 2021). 7 Defendants argue that ActiveProspect is not a third-party eavesdropper because 8 ActiveProspect cannot use TrustedForm Certificates for any independent purpose. Mot. at 9 13–19. Defendants provide two reasons why: First, ActiveProspect does not have the 10 ability to locate particular TrustedForm Certificates or link them with specific website 11 users without the associated TrustedForm Certificate URL, which is held by the website 12 owner, not ActiveProspect. See Ex. 22 (Retrieving a Retained TrustedForm Certificate) 13 (dkt. 93-23) at 1 (“TrustedForm does not support searching for certificates based on lead 14 data and thus cannot retroactively match lead data to a unique certificate.”). Although 15 ActiveProspect keeps a list of TrustedForm Certificate URLs, it does not have an index 16 with which to identify what website or certificate each URL corresponds to. Wolfe Decl. 17 ¶ 39. Second, even with the associated TrustedForm Certificate URLs, ActiveProspect 18 cannot retrieve large numbers of stored TrustedForm Certificates at one time. Id. ¶ 40–41. 19 Defendants contend that these limitations make it impossible for ActiveProspect to use 20 TrustedForm Certificates “for any purpose beyond providing the TrustedForm software 21 service to accountholders.” Mot. at 14. 22 But ActiveProspect can access, and potentially use, the data collected by the 23 TrustedForm software. Deposition testimony reveals that certain ActiveProspect 24 employees with “superuser access” can independently view TrustedForm Certificates for 25 customer support purposes. See Wolfe Dep. at 162:14–163:2; Williams Dep. at 168:8–19, 26 123:16–126:15, 128:1–12. These select ActiveProspect employees can log into the 27 accounts of accountholders, such as Assurance, and view TrustedForm certificates and the 1 ActiveProspect website itself confirms this capability. See Ex. 8 (ActiveProspect Security) 2 (dkt. 105-9) at 3 (“Our employees may occasionally need access to accounts for support or 3 troubleshooting purposes.”).1 4 This matters because the user-submitted information from the webform that is 5 accessible through the session replays in TrustedForm Certificates qualifies as contents of 6 a communication. See SAC ¶ 45. And the fact that superuser employees can access this 7 sensitive information suggests that it could be used for a purpose other than collection and 8 storage—even if Plaintiffs have not shown that it has, in fact, been used for such a 9 purpose. Wolfe Dep. at 162:21–163:2 (“ActiveProspect staff are able to, on a support 10 basis, access the Assurance 
 account, and in doing so, can pull up one of the certificates 11 that they have stored in their account for the purpose of troubleshooting.”). 12 Defendants respond that superuser employee access does not necessarily mean that 13 ActiveProspect can use TrustedForm data for its own ends because “only a strictly limited 14 subset of ActiveProspect employees” are granted superuser access and those employees 15 may access a TrustedForm Certificate “only at the request of the Certificate’s owner” and 16 “only for ‘support or troubleshooting purposes.’” Reply (dkt. 124) at 7 (citation omitted) 17 (emphasis in original). Defendants emphasize that ActiveProspect cannot use the 18 TrustedForm data for its own purposes because such use is explicitly barred by the End 19 User License Agreement (EULA) between ActiveProspect and Assurance. Id.; Mot. at 18 20 (citing EULA (dkt. 93-10) at 2, 4).2 21 1 Plaintiffs cite a report by Professor Zubair Shafiq, an internet privacy and security expert, 22 opining that files containing event logs are stored on the server in decoded plain text form, which would allow ActiveProspect to access the content of encoded and encrypted 23 TrustedForm Certificates. Shafiq Rpt. (dkt. 105-7) ¶¶ 88, 92–93. Defendants challenge Shafiq’s expert report. Mot. to Exclude (dkt. 122). Because other evidence in the record 24 creates a genuine dispute as to whether ActiveProspect is capable of using TrustedForm data for its own ends, Defendants’ motion to exclude Shafiq’s report is moot. 25 2 Defendants argue that the EULA between ActiveProspect and Assurance regarding the use of TrustedForm confirms ActiveProspect’s inability to use TrustedForm data for its 26 own ends because ActiveProspect’s “right to use aggregate data” under the EULA refers only to metadata, not user-submitted data. Mot. at 18 (citing EULA at 2, 4). But 27 ActiveProspect’s Terms of Service for all ActiveProspect products explicitly reserves its 1 Defendant’s arguments are unpersuasive because they demonstrate only that it is 2 ActiveProspect’s policy not to use the TrustedForm data for its own purposes. This is 3 irrelevant to the issue as to whether ActiveProspect is capable of using superuser access for 4 its own ends. The fact remains that, if ActiveProspect can grant a limited subset of 5 employees access to TrustedForm accounts (and, thus, the underlying TrustedForm data), 6 then ActiveProspect can potentially use TrustedForm data for its own ends, even if it is not 7 their policy to do so.3 8 In short, ActiveProspect did not become a party to the webform communications 9 simply because it was providing recording services to Assurance. See Saleh, 562 F. Supp. 10 3d at 521. Evidence in the record indicates that at least some ActiveProspect employees 11 can view TrustedForm Certificates and session replays, so there is a genuine dispute of 12 material fact as to whether ActiveProspect functions as more than a mere tape recorder. 13 Accordingly, summary judgment is not appropriate on this basis. 14 B. Whether Defendants “Read” or “Attempted to Read” Communications 15 Defendants further argue that there is no genuine dispute about whether 16 ActiveProspect read, attempted to read, or to learn the contents of Plaintiff’s 17 communications while they were in transit. This is a requirement under section 631. 18 Though section 631 does not define “read” or “attempt to read,” courts generally conclude 19 that liability under prong two of section 631 “requires some effort at understanding the 20 substantive meaning of the message, report or communication.” E.g., Williams v. DDR 21 Media, LLC, No. 22-CV-03789-SI, 2024 WL 4859078, at *5 (N.D. Cal. Nov. 20, 2024). 22 23 Therefore, at the summary judgment stage, Defendants have not proven that no genuine dispute exists as to whether they can use the TrustedForm data for their own ends. 24 3 In their Reply, Defendants cite several cases where district courts concluded that data collected using certain software could not reasonably be used by the software vendor for 25 another purpose. See Reply at 7. Those cases are readily distinguishable. See Yockey v. Salesforce, Inc., 688 F. Supp. 3d 962, 973 (N.D. Cal. 2023) (data at issue were transcripts 26 of customer support communications, not medical histories and contact information); Heiting v. athenahealth, Inc., No. 2:23-CV-10338-FLA (DFMX), 2024 WL 3761294, at *4 27 (C.D. Cal. July 29, 2024) (allegations as to access were “general and conclusory”); 1 A party to a communication “recording a conversation with a device and later sharing the 2 recording with others is not a [section 631] violation.” Valenzuela v. Nationwide Mut. Ins. 3 Co., 686 F. Supp. 3d 969, 980 (C.D. Cal 2023) (citing Rogers, 52 Cal. App. 3d at 899). 4 Defendants’ argument prevails. 5 Plaintiffs argue that using “event listener” software to collect an interaction in real- 6 time for the purpose of later reassembling a session replay constitutes an attempt to 7 understand the content of that communication. Opp. at 22. According to Plaintiffs, section 8 631 liability attaches even if the “attempt” to understand the contents of a communication 9 occurs when the contents are stored and no longer in transit. Id. Plaintiffs reiterate that 10 Defendants could read encrypted certificate data before and after it was stored on the 11 ActiveProspect server. Id. at 24. Plaintiffs also point to the fact that ActiveProspect 12 employees use the substantive contents of session replays to testify on behalf of clients like 13 Prudential, arguing that this is analogous to the friend in Ribas who violated section 631 by 14 listening to and then later testifying about a phone conversation between a husband and 15 wife. See Opp. at 12. 16 Ultimately, Plaintiffs’ arguments do not show a genuine dispute of a material fact. 17 Even if TrustedForm software intercepts the contents of Plaintiffs’ communications in real 18 time and stores the recording on an ActiveProspect server that ActiveProspect employees 19 can access, nothing in the record plausibly indicates that ActiveProspect reads or attempts 20 to read the contents of the communication while they are in transit. See Valenzuela v. 21 Keurig Green Mountain, Inc., 674 F. Supp. 3d 751, 758 (N.D. Cal. 2023) (“‘While’ is the 22 key word here.”). Webform inputs are collected and stored as a series of undeciphered 23 “events,” which are then provided to host websites to interpret using the ActiveProspect 24 server. Wolfe Decl. ¶ 18. As explained above, ActiveProspect employees with “superuser 25 access” can later access these communications and even testify to their contents, but there 26 is no evidence in the record that those employees (or others) access communications while 27 they are in transit. Whether Defendants access or even analyze inputs with Prudential’s 1 whether Defendants read the communications while they were in transit.4 2 Plaintiffs correctly point out that the legislature intended CIPA to be interpreted 3 broadly to account for new technologies. Opp. at 9. But even applying the statute broadly, 4 the record is devoid of evidence that ActiveProspect used technology to independently 5 interpret the substantive meaning of communications while they were in transit. See R.C. 6 v. Sussex Publishers, LLC, No. 24-CV-02609-JSC, 2025 WL 948060, at *7 (N.D. Cal. 7 Mar. 28, 2025) (dismissing section 631 claim where technology is used to view, read, and 8 process data only after it is stored). Plaintiffs suggest that a strict interpretation of the 9 while-in-transit requirement would mean that CIPA could never apply in the context of the 10 internet, where communications are near instantaneous and cannot be meaningfully read or 11 understood until later. Whether or not that is true, it would stretch CIPA’s statutory 12 language too far to interpret “while 
 in transit” to encompass any hypothetical future 13 attempt to read or understand the meaning of a communication.5 14 Plaintiffs also argue that reassembling events into a session replay constitutes an 15 attempt to understand the meaning of webform inputs. Opp. at 22. In re Facebook is again 16 instructive. In that case, Facebook used plug-ins to track users’ browsing histories, which 17 it then used to create personal profiles that could be sold to advertisers. 956 F.3d at 596. 18 The court affirmed that this adequately alleged conduct that amounted to a violation under 19 20 4 During oral argument Plaintiffs cited People v. Otto, 2 Cal. 4th 1088 (1992), to posit that CIPA applies even where a conversation is recorded at one time and listened to (in an 21 attempt to read or understand it) at a later time. But Otto involved the federal wiretapping statute, 18 U.S.C § 2511, not CIPA. Id. at 1098. And in any case, the parties in Otto did 22 not argue, and the court therefore did not address, whether anyone read or attempted to read the relevant communications while they were in transit. 23 5 Consider two examples. In In re Facebook, Facebook was alleged to have used browser plug-ins to “replicate and send [] user data to Facebook through a separate, but 24 simultaneous, channel,” at which point Facebook “compiled the [data] it collected into personal user profiles.” 956 F.3d at 596. And in In re Google Inc., Google was alleged to 25 have “intercepted, read and acquired the content of emails that were sent or received by Gmail user[s] while the emails were in transit 
 for the purposes of sending an 26 advertisement relevant to that email communication.” No. 13-md-2430-LHK, 2013 WL 5423918, at *1 (N.D. Cal. Sept. 26, 2013). Both courts denied motions to dismiss the 27 section 631 claims. In re Facebook, 956 F.3d at 606–08; In re Google, 2013 WL 5423918, 1 CIPA. Id. at 607–08. Here, by contrast, ActiveProspect does not appear to analyze, 2 summarize, or otherwise interpret Plaintiffs’ data: the session replays on the 3 ActiveProspect server are nothing more than a rote list of the actions that TrustedForm 4 users took while filling out the form. The act of reassembling events like keystrokes, 5 mouse movements, and clicks into a session replay (for the convenience of a party to the 6 communication itself) is not analogous to creating personal profiles that can then be 7 marketed to third-party advertisers. And it does not constitute reading under the statute, 8 because reading requires an attempt to understand or interpret the substantive meaning of a 9 communication, and the events recorded by TrustedForm do not become readable content 10 until after they are stored and reassembled into a TrustedForm session replay. Even when 11 a session replay is reassembled, it is done mechanically and without any attempt to decode 12 its underlying meaning. Wolfe Decl. ¶¶ 18, 28. 13 To be sure, Plaintiffs demonstrate that ActiveProspect could have learned the 14 substantive meaning of TrustedForm Certificates by accessing client accounts or viewing 15 event log files. See Wolfe Dep. at 162:14–163:2; Shafiq Rpt. ¶¶ 88, 92–93.6 But what 16 ActiveProspect could do is not the relevant inquiry here—as opposed to the earlier analysis 17 as to whether ActiveProspect functioned more like a tape recorder or a third-party 18 eavesdropper. See James v. Allstate Ins. Co., No. 23-CV-01931-JSC, 2023 WL 8879246, 19 at *3 (N.D. Cal. Dec. 22, 2023) (“Plaintiff’s allegation that 
 ‘data is stored or can be 20 accessed by [Defendant]’ is insufficient to support a plausible inference [Defendant] 21 attempted to read or learn the contents of the communication while in transit.”). The 22 question is whether ActiveProspect did independently attempt to decipher the contents of 23 any communication. And Plaintiffs fail to provide any evidence indicating that 24 25 6 Though ActiveProspect concedes that there were instances when certain employees accessed customers’ accounts and viewed TrustedForm certificates and session replays, the 26 employees only did so in response to customer requests for support and troubleshooting. See Williams Dep. at 123:16–128:12. This does not give rise to section 631 liability 27 because a party to a communication—in this case the TrustedForm accountholder—is 1 ActiveProspect did so. 2 Separately, Plaintiffs argue that the TrustedForm software functionally reads the 3 data when it detects email addresses and phone numbers that require “normaliz[ing] and 4 hash[ing]” to be operative for certain features of the TrustedForm software. Opp. at 23 5 (citing Williams Dep. at 174:15–20). Plaintiffs assert that “categorizing and analyzing” 6 information using TrustedForm software prior to transmission also constitutes an attempt 7 to understand its meaning. Opp. at 23. No reasonable jury could agree. Whether an input 8 is normalized and hashed depends on a set of pre-determined criteria that is mechanically 9 deployed with no intelligible understanding of those values required. See Williams, 2024 10 WL 4859078, at *5 (holding that the hashing process, during which original data is 11 formatted in a particular way, does not constitute “reading” under CIPA). 12 Because Plaintiffs have not shown that ActiveProspect attempted to understand or 13 decipher the contents of Plaintiffs’ communications on its webform while the 14 communications were in transit, there is no genuine dispute as to whether ActiveProspect 15 read or attempted to read those communications under section 631. Further, because there 16 is no predicate violation of section 631 on the part of ActiveProspect, there is no genuine 17 dispute as to whether Prudential and Assurance aided and abetted ActiveProspect in 18 violation of section 631. 19 IV. CONCLUSION 20 For the foregoing reasons, this Court GRANTS Defendants’ motion for summary 21 judgment. 22 IT IS SO ORDERED. 23 Dated: April 17, 2025 CHARLES R. BREYER 24 United States District Judge 25 26 27 

Case Information

Court
N.D. Cal.
Decision Date
April 17, 2025
Status
Precedential
Hazel v. Prudential Financial, Inc. | Tortwell