Cacophony or Concerto?: Analyzing the Applicability of the Wiretap Act’s Party Exception for Duplicate GET Requests (pdf)

Article PDF cannot be displayed. You can download it here:

https://ir.lawnet.fordham.edu/cgi/viewcontent.cgi?article=5896&context=flr

Cacophony or Concerto?: Analyzing the Applicability of the Wiretap Act’s Party Exception for Duplicate GET Requests

Fordham Law Review Volume 90 Issue 2 Article 17 2021 Cacophony or Concerto?: Analyzing the Applicability of the Wiretap Act’s Party Exception for Duplicate GET Requests David Koenig Fordham University School of Law Follow this and additional works at: https://ir.lawnet.fordham.edu/flr Part of the Communications Law Commons, and the Computer Law Commons Recommended Citation David Koenig, Cacophony or Concerto?: Analyzing the Applicability of the Wiretap Act’s Party Exception for Duplicate GET Requests, 90 Fordham L. Rev. 951 (2021). Available at: https://ir.lawnet.fordham.edu/flr/vol90/iss2/17 This Note is brought to you for free and open access by FLASH: The Fordham Law Archive of Scholarship and History. It has been accepted for inclusion in Fordham Law Review by an authorized editor of FLASH: The Fordham Law Archive of Scholarship and History. For more information, please contact . CACOPHONY OR CONCERTO?: ANALYZING THE APPLICABILITY OF THE WIRETAP ACT’S PARTY EXCEPTION FOR DUPLICATE GET REQUESTS David Koenig* The Electronic Communications Privacy Act (“Wiretap Act”) prohibits the intentional interception of an electronic communication. However, “parties to a communication” can intercept a communication without Wiretap Act liability. Parties include the intended recipients of a communication. When internet users navigate the internet, they communicate with websites using GET requests. The users’ GET requests call out to websites and websites respond by providing the websites’ content to the users. During this process, websites receive user data. This data can include information about the website visited, the search terms used to locate the website, and referral data identifying the last web page the users visited. Digital advertisers may populate websites users visit with advertisements or plug-ins that allow users to “like” content. In doing so, advertisers generate secondary GET requests between users and advertisers. Secondary GET requests are duplicates of the GET requests between users and websites insofar as they share user data. Advertisers retain and identify this data. In the Third and Ninth Circuits, internet users argued that digital advertisers used the duplicate GET requests to intercept user data contained in the GET requests between users and websites—arguably a violation of federal law under the Wiretap Act. Digital advertisers invoked the party exception, arguing that advertisers were parties to the duplicate GET request between internet users and advertisers. If so, the advertisers would be parties to the user data received in the duplicate GET requests and exempt from Wiretap Act liability. The Third Circuit held that the party exception applied to the advertisers’ duplicate GET requests. The Ninth Circuit rejected this approach and held that the party exception did not apply. This Note argues that digital advertisers are unintended recipients that are ineligible for the party exception. First, transmitting duplicate user data via * J.D. Candidate, 2022, Fordham University School of Law; B.A., 2015, University of Washington. Thank you to my friends and family for their support—to whom I wish long, happy, safe, and peaceful lives. My sincere appreciation to the editors and staff of the Fordham Law Review for their guidance, encouragement, and expertise. 951 952 FORDHAM LAW REVIEW [Vol. 90 a second communication is an effective—and sometimes necessary—method of interception for electronic communications on the internet. In that case, duplicate GET requests may indicate interception. This requires courts to analyze shared data, not individual GET requests. Second, equating a direct recipient of a duplicate GET request with an intended recipient lacks judicial support and cannot properly decide party status. Third, users enter URLs or click hyperlinks to navigate the internet. This identifies the websites that users visit as the intended recipients of user data, not digital advertisers. As such, advertisers are best categorized as unintended recipients and therefore ineligible for the Wiretap Act’s party exception. INTRODUCTION.................................................................................. 953 I. A BRIEF HISTORY OF WIRETAPPING AND WIRETAP PROTECTIONS ......................................................................... 957 A. Emergence of Wiretapping and the Legislative Response 958 B. Updating Wiretap Protections for Modern Technologies 959 C. Outlining a Prima Facie Wiretap Act Claim.................... 960 D. Statutory Exceptions to Wiretap Act Liability .................. 961 II. NAVIGATING THE WIRETAP ACT’S PARTY EXCEPTION ANALYSIS ............................................................................... 962 A. Identifying Parties: Affirmative Acts and Recipients....... 962 1. Path One: Affirmative Acts May Indicate Party Status ......................................................................... 962 2. Path Two: Recipients May Qualify for Party Status . 964 B. Distinguishing Between Intended and Unintended Recipients........................................................................ 965 1. Analyzing Manifestations of Sender Intent ............... 966 2. Analyzing a Communication’s Intended Destination 967 C. Recipient Behavior May Also Affect Party Status ............ 968 1. Manufactured Recipients ........................................... 968 2. Surreptitious Listeners ............................................... 969 D. Party Status Also Depends on the Scope of a Communication ............................................................... 970 III. THIRD AND NINTH CIRCUITS REACH OPPOSITE RESULTS ON THE PARTY EXCEPTION IN REGARD TO DUPLICATE GET REQUESTS............................................................................... 971 A. Third Circuit: Digital Advertisers Are Exempt Parties ... 971 B. A GET Request Circuit Split: The First, Seventh, and Ninth Circuits Disagree with the Third Circuit ........................ 974 1. First and Seventh Circuits: Duplicate Communications Are Indicia of Wiretap Interception .......................... 974 2021] CACOPHONY OR CONCERTO? 953 2. Ninth Circuit: Digital Advertisers Are Not Exempt Parties ........................................................................ 975 IV. DIGITAL ADVERTISERS ARE UNINTENDED RECIPIENTS AND INELIGIBLE FOR THE PARTY EXCEPTION................................ 977 A. Duplicate GET Requests Create a Possibility of Interception ..................................................................... 977 B. Direct Receipt of GET Requests Cannot Decide Party Status .............................................................................. 981 C. Digital Advertisers Are Ineligible for the Party Exception ........................................................................ 984 1. Manifestations of Sender Intent and GET Request Data ........................................................................... (...truncated)