Defining Interception: Wiretap Laws in the Digital Age
.png)
The federal Wiretap Act, and similar state statutes, prohibit the interception of individuals’ communications without their consent. While these laws were initially aimed at telephone communications, they are now routinely applied to online communications.
In recent years, courts across the United States have addressed the application of federal and state wiretap statutes to a multitude of online-tracking technologies embedded on public-facing websites. These technologies, such as cookies and pixels, secretly track website visitors’ activity and, in some cases, collect the content of visitors’ communications on those websites. Third parties who collect this data regularly use it to profile users for targeted advertising.
As websites continue to implement data collection and tracking technologies on visitors, data privacy litigation has surged: in 2023, the top ten privacy settlements totaled $1.32 billion, jumping to $2.01 billion in 2024.
In fact, wiretap litigation has become one of the fastest-growing areas of privacy law, with over 1,560 lawsuits filed across 28 states since 2022. California’s stringent privacy laws and strict consent requirements have driven 83% of these cases under the California Invasion of Privacy Act (CIPA) § 631(a).
These cases typically allege that online trackers violate federal and state wiretapping statutes by unlawfully collecting users’ communications as they are inputted into defendants’ websites including medical data, sensitive internet searches, and financial information.
Under the wiretapping statutes, one of the primary elements courts must consider is whether the communication was “intercepted” by an unauthorized party. This article will explore this question and highlight important considerations for attorneys bringing these cases.
The Wiretap Statutes
Originally passed in 1968 and significantly amended by the Electronic Communications Privacy Act of 1986 (ECPA), the federal Wiretap Act prohibits the intentional actual or attempted interception, use, disclosure, or “procure[ment] [of] any other person” to intercept “any wire, oral, or electronic communication.” “Intercept” is defined under the Wiretap Act as “the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.”
The Wiretap Act served as a model for a number of state laws with similar prohibitions and private rights of action. The California Invasion of Privacy Act (CIPA) and The Pennsylvania Wiretapping and Electronic Surveillance Control Act (WESCA) have been subject to extensive class-action litigation.
In Pennsylvania, WESCA, “operates in conjunction with and as a supplement to the Federal Wiretap Act” with substantially similar definitions for interception. Popa v. Harriet Carter Gifts, Inc., 52 F.4th 121, 125–26 (3d Cir. 2022). CIPA provides that wiretapping occurs when a person “in any unauthorized manner, reads, or attempts to read, or to learn … [a] communication while the same is in transit or passing over any wire, line, or cable, or is being sent from, or received at any place within this state.” While there are variations across state statutes, the Wiretap Act, CIPA, and WESCA provide useful guides to understanding how courts approach the interception of online communications.
Defining Interception for Online Communications
Confronted with new online-tracking technologies, courts have examined the manner in which electronic communications are intercepted online. As the Third Circuit explained in Popa v. Harriet Carter Gifts, Inc. traditional telephone wiretapping is a much more straightforward analysis. “Picture the days before wireless communication when police tapped a phone line by cutting the telephone wire that carried the conversation from one line to the other and adding a wire to the officer's own phone. There, cutting the wire and attaching another one is clearly an act taken to gain possession of the wire communication, and thus an intercept occurred where that wire was cut.” Popa v. Harriet Carter Gifts, Inc., 52 F.4th 121, 130 (3d Cir. 2022).
For online communications, courts investigate both:
- When the communication was collected: before, during, or after it was sent to the intended recipient
- Where the communication was collected: directly from the sender or from some other source.
The Ninth Circuit confronted this issue in Konop v. Hawaiian Airlines, Inc., 302 F.3d 868 (9th Cir. 2002) when the internet was still in its infancy. In Konop, the plaintiff brought a Wiretap Act lawsuit against his employer for using borrowed credentials to review his personal website where he had allegedly posted negative reviews of his employer. The court rejected the Wiretap Act claim holding that ECPA and its inclusion of the Stored Communication Act created a requirement that electronic communications that must be acquired “contemporaneous with transmission” and not taken from storage. See also Luis v. Zang, 833 F.3d 619, 627 (6th Cir. 2016) (“Once the transmission of the communication has ended, the communication ceases to be a communication at all. The former communication instead becomes part of ‘electronic storage.’”).
The Konop court reasoned that “[t]his conclusion is consistent with the ordinary meaning of ‘intercept,’ which is ‘to stop, seize, or interrupt in progress or course before arrival.’” Id. Court have applied Konop’s reasoning to other wiretap statutes such as CIPA, holding that “[t]o be liable, a defendant must have ‘read or learned the contents of a communication while the communication was in transit, or in the process of being sent or received.’” Jones v. Tonal Sys., Inc., 751 F. Supp. 3d 1025, 1036 (S.D. Cal. 2024).
Courts have recognized that, at the pleading stage, it is difficult or impossible for plaintiffs to allege with precision the technical aspects of third-party online tracking technology. As one court explained, a heightened pleading standard regarding the technical aspects of online interception “would require the CIPA plaintiff to engage in a one-sided guessing game because the relevant information about data capture typically resides uniquely in the custody and control of the CIPA defendant and its third-party recorder.” D'Angelo v. Penny OpCo, LLC, No. 23-cv-0981=, 2023 WL 7006793, at *8 (S.D. Cal. Oct. 24, 2023).
Nevertheless, plaintiffs should avoid conclusory allegations that communications are intercepted and provide some allegations regarding how the interceptions occur. Numerous courts have found that “allegations that [communications] are intercepted in real time through the use of computer code provides sufficient factual detail to support” interception. Esparza v. UAG Escondido A1 Inc., No. 23-cv-0102, 2024 WL 559241, at *3 (S.D. Cal. Feb. 12, 2024) (emphasis added); see also James v. Walt Disney Co., 701 F. Supp. 3d 942, 962 (N.D. Cal. 2023) (“[O]nce [the tracking software] is on the device, it then begins to intercept communications when the user makes communications to the website.”). Some courts have additionally been persuaded by allegations that the third-party tracking technology advertises its ability to provide “real-time” tracking of users. See Valenzuela v. Nationwide Mut. Ins. Co., 686 F. Supp. 3d 969, 977 (C.D. Cal. 2023).
Note, under statutes that allow for one-party consent to interception, such as the Wiretap Act, additional analysis will be required to establish a violation beyond the interception element discussed here.
Considerations for Practitioners
While there is no one-size-fits-all approach to litigating the “interception” element of the Wiretap Act and similar state statutes, plaintiffs should pay close attention to this element and avoid conclusory pleadings.
Specifically, plaintiffs should identify the tracking software and its manufacturer and the manner in which it operates. For example, allegations should identify how tracking software is embedded on a website and how that software interacts with a users’ mobile or desktop browser as they navigate the relevant website. Given the nature of these tracking technologies, plaintiffs should identify contemporaneous collections of data and the transmission of that data to any third-party’s servers in real time.
Plaintiffs should also be mindful of the requirement that data may not be considered “intercepted” by a court if the unauthorized third-party does not receive the information while it is being transmitted by the user. Plaintiffs may also be able to allege that the public-facing statements made by the vendors of the tracking technology state the ability of these companies to collect information for targeted advertisements instantaneously.
Building Stronger Data Privacy Cases
Plaintiffs attorneys need reliable tools to address the complexities of modern privacy laws. With third-party tracking technologies increasingly used to intercept sensitive communications, gathering compelling evidence is crucial for making strong claims under the Wiretap Act and similar statutes.
This is where Darrow can help.
Our Legal Intelligence Platform uses AI, legal intelligence, and advanced data analysis to detect potential wiretap violations that might otherwise go unnoticed. We identify patterns and anomalies within large datasets, helping plaintiff attorneys build stronger, evidence-backed cases. Throughout the litigation process, we provide expert support, from evidence collection to case strategy, ensuring our partners have the resources needed to succeed.
Contact us today to learn how to enhance your next privacy-related class action.
This Might Interest You:
Partner With Darrow to Grow Your Practice
