1 2 3 4 UNITED STATES DISTRICT COURT 5 NORTHERN DISTRICT OF CALIFORNIA 6 7 ALI AL-AHMED, Case No. 21-cv-08017-EMC
8 Plaintiff, ORDER GRANTING DEFENDANT 9 v. TWITTER’S MOTION TO DISMISS
10 TWITTER, INC., et al., Docket No. 62 11 Defendants.
12 13 14 I. INTRODUCTION 15 Plaintiff Al-Ahmed is a critic of the Kingdom of Saudi Arabia (“KSA”) who has been 16 granted asylum in the United States. Between 2013 and 2015, two of Twitter’s (now former) 17 employees accessed user information without authorization and provided it to KSA government 18 officials. The employees were indicted in 2019. On October 13, 2021, Al-Ahmed sued the former 19 employees and Twitter. Specifically, Al-Ahmed sued Twitter for violating the Electronics 20 Communications Privacy Act (“EPCA”); the Computer Fraud and Abuse Act (“CFAA”); the 21 Stored Communications Act (“SCA”); California’s Unfair Competition Law (“UCL”); breach of 22 contract; intrusion upon seclusion; unjust enrichment; promissory estoppel; negligence; negligent 23 hiring, supervision, and retention; civil conspiracy; and replevin. See Docket No. 1 (“original 24 complaint”). In Al-Ahmed’s First Amended Complaint, he adds claims for breach of the duty of 25 loyalty, aiding and abetting breach of fiduciary duty, an additional UCL claim, and interference 26 with prospective economic advantage. See Docket No. 55 (“FAC”). Notably, Al-Ahmed does not 27 add a claim under the Lanham Act, for which he was granted leave to amend after this Court 1 led to the KSA targeting him and those around him. Furthermore, he alleges that Twitter’s 2 suspension of his account in 2018 punishes him—the victim—and demonstrates that Twitter was 3 complicit in their former employees’ conduct, or at least that Twitter ratified their conduct. 4 The Court dismissed Al-Ahmed’s first complaint with leave to amend. See Al-Ahmed v. 5 Twitter, Inc., No. 21-CV-08017-EMC, 2022 WL 1605673, at *5 (N.D. Cal. May 20, 2022). He 6 filed an amended complaint. See FAC. Pending now is Twitter’s motion to dismiss Al-Ahmed’s 7 FAC. See Docket No. 62 (“Mot.”). Twitter argues that (1) Al-Ahmed lacks Article III standing, 8 (2) his claims are barred by the statute of limitations, (3) he does not plausibly plead that Twitter is 9 vicariously liable for its rogue employees’ acts on behalf of the KSA, (4) the Community Decency 10 Act (“CDA”) immunity bars many of his claims, (5) Twitter’s Terms of Service (“TOS”) bars 11 many of his claims, and (6) individual actions fail for numerous claim-specific reasons. The Court 12 only addresses Article III standing, the statute of limitations, and CDA immunity because each of 13 Al-Ahmed’s claims fail for one of these three reasons. 14 II. BACKGROUND 15 A. Factual Background 16 Al-Ahmed alleges as follows in his FAC: 17 Al-Ahmed is one of the leading critics of the KSA who resides and has been granted 18 asylum in the United States. FAC ¶ 17. Between August 2013 and December 2015, Twitter 19 employees accessed user data without authorization and provided the data to KSA government 20 officials. Id. ¶¶ 22–23. Twitter failed to detect these breaches for more than a year. Id. ¶ 26. Al- 21 Ahmed’s Arabic Twitter account, which has over 36,000 followers worldwide, was one of the 22 accounts breached during this time. Id. ¶ 21. Al-Ahmed contends that Twitter’s conduct resulted 23 in the compromising of his private information, including his “email addresses, contacts, phone 24 numbers, birth dates, and internet protocol (“IP”) addresses;” and his “Tweets, private messages, 25 direct message, online chats, friend requests, file transfers, file uploads, and file downloads.” Id. 26 ¶¶ 24, 79. He also alleges confidential information provided by his followers and journalistic 27 sources was compromised. Id. ¶ 4. Al-Ahmed alleges his private information was used by the 1 attempting to kidnap and kill him on multiple occasions. Id. ¶ 18. Al-Ahmed alleges his 2 followers on Twitter and those who otherwise contacted him using Twitter, have disappeared, 3 been arrested, or have been executed. Id. ¶ 27. Examples of such third-party harms include the 4 jailing of Saudi dissident Abdullah al-Hamid, whom the KSA jailed in 2013, and the murder of 5 journalist Jamal Khashoggi in 2018, which Al-Ahmed alleges was not uncoincidental to the 6 KSA’s espionage against Twitter. Id. ¶¶ 27, 57. According to the FAC, “the KSA managed to 7 fully silence Al-Ahmed when [Twitter] . . . suspend[ed his] Arabic Twitter account, without 8 explanation, warning, or justification. Id. ¶ 28. 9 On November 19, 2019, the two Twitter employees allegedly responsible for hacking Al- 10 Ahmed’s account were indicted for acting as agents of the KSA. Id. ¶ 7. Defendant Ahmad 11 Abouammo (“Abouammo”) was the Media Partnerships Manager responsible for the Middle East 12 and North Africa region at Twitter. Id. ¶ 5. Defendant Ali Hamad A. Alzabarah (“Alzabarah”) 13 was a Site Reliability Engineer whose responsibility was maintaining Twitter’s hardware and 14 software to ensure uninterrupted service. Id. ¶ 6. 15 1. Twitter’s Notice 16 On or about December 11, 2015, Twitter sent the following notice to the users whose data 17 was accessed by Abouammo and Alzabarah:
18 Dear @{{screen_name}}, As a precaution, we are alerting you that your Twitter account is one of a small group of accounts that 19 may have been targeted by state-sponsored actors. We believe that these actors (possibly associated with a government) may 20 have been trying to obtain information such as email addresses, IP addresses, and/or phone numbers. 21 At this time, we have no evidence they obtained your account 22 information, but we’re actively investigating this matter. We wish we had more we could share, but we don’t have any additional 23 information we can provide at this time.
24 It’s possible your account may not have been an intended target of the suspected activity, but we wanted to alert you as soon as 25 possible. We recognize that this may be of particular concern if you choose to Tweet using a pseudonym. For tips on protecting your 26 identity online, you may want to visit the Tor Project or EFF’s Protecting Yourself on Social Networks. 27 1 According to Al-Ahmed, this notice was insufficient to inform him of the scope and nature 2 of the problem because it did not indicate that Abouammo and Alzabarah committed these data 3 breaches at the direction of Twitter, and while located on Twitter’s premises, employed by 4 Twitter, and using Twitter’s resources. Id. ¶ 46. Therefore, Al Ahmed alleges he did not, and 5 could not have reason to know of Twitter’s involvement until the public indictment of the 6 employees in 2019. Id. ¶ 47. Further, Al-Ahmed alleges for the first time in his FAC that he did 7 not in fact receive the notice. Id. ¶ 48. 8 2. Twitter’s Alleged Actions in Aid of the KSA 9 Al-Ahmed alleges that Twitter provided Abouammo and Alzabarah with access to 10 Twitter’s resources with the full knowledge that they were improperly accessing user data, that 11 Twitter helped them provide the information to the KSA, and Twitter helped them cover their 12 tracks by purging its internal database of incriminating evidence. Id. ¶ 25. 13 Al-Ahmed also alleges that Twitter’s Privacy Policy suggests that a user can adjust their 14 account settings so their Tweets can only be viewed by the user’s Twitter followers. Id. ¶¶ 31–32. 15 This created an illusion of security and safety relied upon by Al-Ahmed and others. Id. Al- 16 Ahmed alleges that Twitter failed to safeguard user data, evidenced by its disclosure to the 17 Securities and Exchange Commission in 2020 that it received a draft complaint from the Federal 18 Trade Commission alleging “violations…[r]elate[d] to the Company’s use of phone number 19 and/or email address data provided for safety and security purposes [ostensibly for targeted 20 advertising] during periods between 2013 and 2019.” Id. ¶ 38. Thus, he argues Twitter 21 negligently failed to implement policies, practices, and safeguards that would have prevented the 22 acts of its former employees. Id. 23 3. Twitter’s Relationship with the KSA 24 In 2011, Saudi Prince Alwaleed Bin Talal purchased $300 million worth of stock in 25 Twitter. Id. ¶ 3. In 2015, Bin Talal made an additional investment, and now owns 5.2% of the 26 company, more than Twitter’s founder and former CEO, Jack Dorsey (“Dorsey”). Id. Bin Talal 27 later signed over many of his assets to Crown Prince of Saudi Arabia Mohammed Bin Salman. Id. 1 mastermind” behind the Twitter spy scandal. Id. ¶ 39. He claims that Asaker is “Foreign Official- 2 1” in the United States Attorneys Offices’ indictment against Abouammo and Alzabarah. Id. ¶ 41. 3 Al-Ahmed alleges that Asaker provided Abouammo and Alzabarah with “gifts, cash payments, 4 and promises of future employment in exchange for nonpublic information about Twitter uses, 5 which constituted valuable property...” Id. Furthermore, Dorsey met with both Asaker and Bin 6 Salman at Twitter’s headquarters on June 25, 2016, and at least one additional time in Riyadh 7 thereafter. Id. ¶ 43. Dorsey and Asaker follow each other on Twitter. Id. ¶ 44. 8 4. Twitter’s Suspension of Al-Ahmed’s Account 9 In 2018, Al-Ahmed’s Twitter account was suspended, preventing him from accessing his 10 followers. Id. ¶¶ 28, 30. The basis of his suspension was an allegedly abusive direct message 11 (“DM”) Al-Ahmed sent using his Arabic language Twitter account. Id. ¶ 50. Al-Ahmed alleges 12 that as a result, he lost significant revenue and earning potential related to his work as a journalist, 13 as much of his work was contingent on his online presence. Id. ¶ 59. Al-Ahmed further alleges 14 that his appeal of the suspension failed despite Alzabarah and Abouammo’s indictment. Id. ¶ 29. 15 According to Al-Ahmed, preventing access to his account, punishes the victim and “ratifie[s] the 16 actions of its supposedly errant employees and show[s] [Twitter’s] continuing allegiance to the 17 KSA.” Id. 18 Al-Ahmed also alleges that his suspension is the result of Twitter and the KSA’s campaign 19 against him. Id. ¶ 50. He asserts “agents of the KSA or other Twitter employees accessed his 20 “private Twitter accounts to read and manipulate content, including, but not limited to, purported 21 private/direct exchange messages that were then used as a pretext by Twitter” to suspend his 22 Arabic-language account. Id. Al-Ahmed claims he does not recognize the statement attributed to 23 him, the message was a “fabrication,” and is an incorrect translation. Id. ¶¶ 50–51. The English 24 translation of the message provided by Twitter reads, “Damn your mother, you Ahmari, you 25 mountain monkey, you Ethiopian, you slave, you pagan, you cow, you beast of burden! … I see 26 your face and your teeth sticking out. Damn your father and Khomeini, you slave, you beast of 27 burden, you animal!” Id. ¶ 50; see Docket No. 31, Ex. 5. According to Al-Ahmed, “Twitter’s 1 slang term in Arabic. Likewise, ‘I see your face’ is not accurate—it actually says, ‘look at 2 yourself’; also, ‘your teeth sticking out’ is entirely inaccurate.” FAC ¶ 51. Lastly, Al-Ahmed 3 alleges Twitter’s choice to suspend him from his Arabic-language account, not his English- 4 language account, proves that “Twitter’s true intent” was to “censor Plaintiff on behalf of 5 Twitter’s Saudi Arabian investors.” Id. ¶ 53. 6 B. Procedural Background 7 Twitter previously filed a request for judicial notice (“RJN”) and incorporation, as well as 8 a motion to dismiss Al-Ahmed’s original complaint. See Docket No. 30 (“Twitter’s First Motion 9 to Dismiss”); Docket No. 31 (“RJN”). 10 1. Request for Judicial Notice and Incorporation 11 This Court granted Twitter’s RJN, taking notice and incorporating by reference the 12 following:
13 (a) Twitter’s December 11, 2015 email and in-app notices. Docket No. 29-5 (“Srinivasan Declaration”), Ex. A (“Twitter Employee 14 Declaration”), Ex. 1–2.
15 (b) Twitter’s records reflecting that the December 11, 2015 email notice and in-app notice were sent to Al-Ahmed. Twitter Employee 16 Declaration, Ex. 3–4.
17 (c) A screenshot of Al-Ahmed’s active Twitter account. Srinivasan Declaration, Ex. B. 18 (d) A publicly available Twitter post made by Ali Al-Ahmed that 19 lists his phone number. Srinivasan Declaration, Ex. C.
20 (e) A publicly available press release listing Al-Ahmed’s phone number and e-mail address. Srinivasan Declaration, Ex. D. 21 (f) Twitter’s current and prior terms of service. Srinivasan 22 Declaration, Ex. E; Twitter Employee Declaration, Ex. 6A–6N. 23 See Al-Ahmed, 2022 WL 1605673, at *5. 24 Twitter also asked this Court to incorporate by reference the allegedly abusive Twitter 25 message for which Al-Ahmed was suspended and a certified English translation of that message. 26 See id.; Twitter Employee Declaration, Ex. 5. This Court DENIED Twitter’s motion because Al- 27 Ahmed’s original complaint made “no reference to the message and Al-Ahmed’s claims were not 1 2. Motion to Dismiss 2 This Court GRANTED Twitter’s motion to dismiss Al-Ahmed’s original complaint on the 3 following grounds: (1) Al-Ahmed lacked Article III standing—excepting his claims based on 4 invasion of privacy—because he failed to establish a causal nexus between Twitter’s actions and 5 his injuries, and any such injury was not particularized to Al-Ahmed; (2) all of Al-Ahmed’s claims 6 against Twitter related to the unauthorized intrusion of his Twitter account were barred by the 7 statute of limitations; (3) Twitter’s CDA immunity extended to all of Al-Ahmed’s suspension- 8 based claims; and (4) Al-Ahmed failed to articulate why Twitter’s failure to provide a justification 9 for the suspension of his account constitutes a breach of contract. See Al-Ahmed, 2022 WL 10 1605673, at *7-8, 14 & 20. 11 This Court GRANTED Al-Ahmed leave to amend the Complaint to allege a Lanham Act 12 claim that falls within the scope of the CDA’s intellectual property exception. Id. at 20. As noted, 13 Al-Ahmed has failed to add a claim under the Lanham Act in his FAC. 14 III. LEGAL STANDARD 15 Federal Rule of Civil Procedure 8(a)(2) requires a complaint to include “a short and plain 16 statement of the claim showing that the pleader is entitled to relief.” Fed. R. Civ. P. 8(a)(2). A 17 complaint that fails to meet this standard may be dismissed pursuant to Rule 12(b)(6). See Fed. R. 18 Civ. P. 12(b)(6). To overcome a Fed. R. Civ. P. 12(b)(6) motion to dismiss after the Supreme 19 Court’s decisions in Ashcroft v. Iqbal, 556 U.S. 662 (2009) and Bell Atlantic Corporation v. 20 Twombly, 550 U.S. 544 (2007), a plaintiff’s “factual allegations [in the complaint] ‘must . . . 21 suggest that the claim has at least a plausible chance of success.’” Levitt v. Yelp! Inc., 765 F.3d 22 1123, 1135 (9th Cir. 2014). The court “accept[s] factual allegations in the complaint as true and 23 construe[s] the pleadings in the light most favorable to the nonmoving party.” Manzarek v. St. 24 Paul Fire & Marine Ins. Co., 519 F.3d 1025, 1031 (9th Cir. 2008). But “allegations in a 25 complaint . . . may not simply recite the elements of a cause of action [and] must contain sufficient 26 allegations of underlying facts to give fair notice and to enable the opposing party to defend itself 27 effectively.” Levitt, 765 F.3d at 1135 (quoting Eclectic Props. E., LLC v. Marcus & Millichap 1 factual content that allows the court to draw the reasonable inference that the Defendant is liable 2 for the misconduct alleged.” Iqbal, 556 U.S. at 678. “The plausibility standard is not akin to a 3 ‘probability requirement,’ but it asks for more than a sheer possibility that a defendant has acted 4 unlawfully.” Id. (quoting Twombly, 550 U.S. at 556). 5 IV. ANALYSIS 6 A. Article III Standing 7 Under Rule 12(b)(1), a party may move to dismiss for lack of subject matter jurisdiction. 8 “[L]ack of Article III standing requires dismissal for lack of subject matter jurisdiction under 9 [Rule] 12(b)(1).” Maya v. Centex Corp., 658 F.3d 1060, 1067 (9th Cir. 2011). The “irreducible 10 constitutional minimum” of standing requires that a “plaintiff must have (1) suffered an injury in 11 fact, (2) that is fairly traceable to the challenged conduct of the defendant, and (3) that is likely to 12 be redressed by a favorable judicial decision.” Spokeo, Inc. v. Robins, 578 U.S. 330, 136 S. Ct. 13 1540, 1547, 194 L.Ed.2d 635 (2016). These three elements are referred to as, respectively, injury 14 in fact, causation, and redressability. Planned Parenthood of Greater Was. & N. Idaho v. U.S. 15 Dep’t of Health & Human Servs., 946 F.3d 1100, 1108 (9th Cir. 2020). The alleged injury in fact 16 must be “concrete, particularized, and actual or imminent.” TransUnion LLC v. Ramirez, 141 S. 17 Ct. 2190, 2203 (2021). “For an injury to be ‘particularized,’ it must affect the plaintiff in a 18 personal and individual way” and “[o]nly those plaintiffs who have been concretely harmed by a 19 defendant's statutory violation may sue that private defendant over that violation in federal court.” 20 Spokeo, 136 S. Ct. at 1548 (internal quotation marks omitted); Ramirez, 141 S. Ct. at 2205. “The 21 plaintiff, as the party invoking federal jurisdiction, bears the burden of establishing these 22 elements[.]” Spokeo, 136 S. Ct. at 1547 (quoting Warth v. Seldin, 422 U.S. 490, 518 (1975)). 23 Al-Ahmed’s claims arise from two separate events: (1) the former Twitter employees’ 24 unauthorized access into Twitter accounts at the behest of the KSA between 2013 and 2015, and 25 (2) the May 2018 suspension of Al-Ahmed’s Arabic Twitter account. Mot. at 6. Twitter argues 26 that Al-Ahmed lacks Article III standing relating to the KSA’s espionage, and therefore all claims 27 against Twitter (except Replevin) must be dismissed. Id. 1 Twitter’s first motion to dismiss: (1) an injury exists solely by virtue of statutes creating legal 2 rights; (2) Twitter’s invasion of his privacy is a harm in itself; and (3) he has nevertheless alleged 3 a concrete and particularized injury apart from the invasion to his privacy. See Docket No. 63 at 4 3–5 (“Opp’n”) (citing Havens Realty Corp. v. Coleman, 455 U.S. 363, 373 (1982) (internal 5 quotations omitted)). 6 1. First and Third Arguments 7 The first argument fails because it was explicitly rejected by the Supreme Court in 2016. 8 Spokeo II, 136 S. Ct. at 1543 (“Article III standing requires a concrete injury even in the context of 9 a statutory violation.”). The third argument fails because Al-Ahmed does not identify a concrete 10 and personal injury separate from the invasion of privacy itself. While Al-Ahmed has amended 11 his complaint to include the allegation that “as a freelance journalist and author this has cost me 12 hundreds of thousands of dollars in lost revenue from writing articles and books and through 13 podcasts,” FAC ¶ 60, this fails to establish standing because it lacks any causal connection to the 14 alleged KSA-sponsored espionage claims. Instead, it was Twitter’s suspension of his account in 15 2018 that prevented him “from accessing the tens or thousands of KSA and other Arab-language 16 followers and sources [that] curtailed [his] ability to report credibly and in real time on events 17 unfolding in the KSA [and cost him his revenue.]” Id.; see also id. ¶¶ 58–61. “The hacking of his 18 account is distinct from the termination of his account.” Al-Ahmed, 2022 WL 1605673, at *7. 19 2. Invasion of Privacy 20 The remaining question is whether an invasion of privacy is sufficiently concrete and 21 particularized to confer Article III standing. In its previous order on Twitter’s motion to dismiss, 22 this Court said it did. Al-Ahmed, 2022 WL 1605673, at *8. Al-Ahmed alleges Twitter invaded his 23 privacy by intercepting his “personal information regarding…email addresses, contacts, phone 24 numbers, birth dates, and internet protocol (“IP”) addresses;” and his “Tweets, private messages, 25 direct message, online chats, friend requests, file transfers, file uploads, and file downloads.” 26 FAC ¶¶ 24, 79. The Supreme Court suggested such an invasion of privacy is within the scope of 27 Article III standing in Ramirez: “Various intangible harms can also be concrete. Chief among 1 for lawsuits in American courts. Those include, for example, reputational harms, disclosure of 2 private information, and intrusion upon seclusion.” Ramirez, 141 S. Ct. at 2204. 3 In the years between Spokeo and Ramirez, the Ninth Circuit has consistently found Article 4 III standing in privacy-related claims. See Campbell v. Facebook, Inc., 951 F.3d 1106 (9th Cir. 5 2020). Therefore, an invasion of privacy as a harm, particularly as analogous to that recognized in 6 common law, is sufficient. See, e.g., Eichenberger v. ESPN, Inc., 876 F.3d 979, 983 (9th Cir. 7 2017) (“Privacy torts do not always require additional consequences to be actionable . . . the 8 ‘intrusion itself’ makes the defendant liable.” (citing Restatement (Second) of Torts § 652B cmt. 9 b. (Am. Law Inst. 1977)); In re Facebook, Inc. Internet Tracking Litig., 956 F.3d 589, 599 (9th 10 Cir. 2020) (“Plaintiffs have sufficiently alleged a clear invasion of the historically recognized right 11 to privacy. Therefore, Plaintiffs have standing to pursue their privacy claims under the Wiretap 12 Act, SCA, and CIPA[.]”). 13 Still, Twitter argues that even if invasion of privacy is a sufficient injury in some cases, it 14 is not sufficient here for two reasons. First, Twitter claims Al-Ahmed’s invasion of privacy 15 allegation is insufficient because the “information he alleges was exposed was already public.” 16 Mot. at 8 (“[plaintiff] cannot assert any privacy claim as to information that she has already 17 released to the public” (citing Wasson v. Sonoma Cnty. Jr. Coll. Dist., 4 F. Supp. 2d 893, 908 18 (N.D. Cal. 1997)). Second, Twitter argues that Al-Ahmed has not “pled sufficient facts to 19 establish a concrete injury.” Id. (citing Shelton v. Hal Hays Constr., Inc., No. 20 EDCV16360VAPKKX, 2016 WL 8904414, at *5 (C.D. Cal. July 29, 2016)). The private 21 information Al-Ahmed alleges Twitter publicly exposed are his “personal information 22 regarding…email addresses, contacts, phone numbers, birth dates, and internet protocol (“IP”) 23 addresses;” and his “Tweets, private messages, direct message, online chats, friend requests, file 24 transfers, file uploads, and file downloads.” FAC ¶¶ 24, 79. Twitter notes that Al-Ahmed’s 25 “Twitter followers or contacts were publicly available on his Twitter profile[,]…his e-mail 26 addresses and phone number have been publicly available on the Internet since as early as January 27 2014[,]…and it is [] implausible that the KSA did not already have his birthdate.” Mot. at 8. 1 80237 CRB (NC), 2013 WL 4536808, at *10 (N.D. Cal. Aug. 22, 2013). 2 While it is debatable whether some of the information at issue is sufficiently “private,” the 3 Supreme Court was clear in Ramirez that the common-law analogue of a plaintiff’s asserted injury 4 need not be an exact duplicate. See Leonard v. McMenamins, Inc., No. 2:22-CV-00094-BJR, 5 2022 WL 4017674 (W.D. Wash. Sept. 2, 2022) (citing Bohnak v. Marsh & McLennan Cos., Inc., 6 580 F. Supp. 3d 21, 30 (S.D.N.Y. 2022) (“[I]n light of the TransUnion Court’s admonition that 7 common-law analogs need not provide ‘an exact duplicate,’ as well as its explicit reference to 8 [public disclosure of private information] as an example of traditionally judicially cognizable 9 intangible harm, I find the fit sufficiently close.”). Thus, Al-Ahmed’s injury should not be 10 negated simply because the privacy of his information is still in debate. More importantly, Twitter 11 fails to explain how Al-Ahmed’s private messages, direct message, online chats, friend requests, 12 file transfers, file uploads, and file downloads are not sufficiently private to confer standing. As 13 construed in Al-Ahmed’s favor, the FAC sufficiently alleges private information not publicly 14 available was hacked. 15 As to Twitter’s claim that Al-Ahmed has not pled facts sufficient to establish an injury, the 16 Court disagrees. The paragraphs in Al-Ahmed’s complaint which outline the information at issue 17 may be sparse when viewed in isolation, but when viewed in the context of the entire complaint 18 they plausibly allege invasion of privacy. Two Twitter employees targeted Al-Ahmed’s Twitter 19 data while engaged in espionage for the KSA. See FAC. The FAC suggests that at the very least, 20 Twitter, and Twitter employees (including Abouammo and Alzabarah), could access Al-Ahmed’s 21 private messages and direct messages and provide them to the KSA, thereby putting Al-Ahmed 22 personally at risk. See, e.g., id. ¶¶ 50, 62. Therefore, the Court maintains that “Al-Ahmed’s injury 23 is sufficiently concrete and particularized.” Al-Ahmed, 2022 WL 1605673, at *8. 24 Next, Twitter again argues that Al-Ahmed fails to establish that his alleged injury is “fairly 25 traceable to Twitter.” Opp’n at 9. 26 As before, to the extent that Al-Ahmed alleges that these breaches of privacy caused other 27 harms such as the disappearance, arrest, or execution of his followers, his claims fail because he 1 Twitter, Inc., No. 19-CV-06694-LB, 2020 WL 6947929, at *6 (N.D. Cal. Aug. 12, 2020). Any 2 harm to Al-Ahmed, if alleged to be a result of the harm or disappearance of his followers, cannot 3 be established due to lack of causation, and alleging harm to “several” Twitter users who either 4 followed him on Twitter or have messaged him, out of the 36,000 followers that he had, is 5 insufficient. Also, the specific examples Al-Ahmed provides remain unavailing. First, Al-Ahmed 6 points to a follower of his Twitter account who was also a Saudi dissident and journalist. FAC ¶ 7 27. The article cited by Al-Ahmed describes him as “one of the kingdom’s most prominent and 8 persistent dissidents” who had “frequent prison terms.” Id. ¶¶ 27–28, n.8. Next, Al-Ahmed 9 comments that the journalist Jamal Khashoggi was “not uncoincidentally slain following” the hack 10 of Al-Ahmed’s Twitter. Id. ¶ 57. Al-Ahmed’s belief is based on the KSA accessing “messages 11 between Plaintiff and individuals still living in, and in close proximity to, Saudi Arabia who were 12 in close contact with Jamal Khashoggi.” Id. However, these claims are conclusory and based on 13 mere speculation. See Twombly, 550 U.S. at 570. As such, Al-Ahmed fails to plead any facts that 14 suggest the breach of privacy led to either individual’s imprisonment or death. 15 On the other hand, even if consequential harm is not sufficiently pled, the alleged harm to 16 Al-Ahmed based on the unauthorized access of his Twitter account is traceable to Twitter because 17 Abouammo and Alzabarah were Twitter employees and obtained unauthorized access as a result 18 of Twitter’s failings. Opp’n at 5–6. Twitter counters that the privacy injury is not traceable to 19 Twitter based on vicarious liability because a plaintiff must demonstrate standing for each claim 20 he seeks…and for each form of relief that is sought,” and Al-Ahmed cannot, and has not, “asserted 21 a vicarious liability claim for each cause of action he pleads.” Mot. at 9 (citing Davis v. Fed. 22 Election Comm’n, 554 U.S. 724, 734 (2008)). Specifically, Twitter claims Al-Ahmed “(1) fails to 23 sufficiently plead that Twitter is vicariously liable for Abouammo and Alzabarah’s conduct; and 24 (2) even assuming arguendo that vicarious liability is adequately pled for certain claims, standing 25 is not dispensed in gross, and vicarious liability is inapplicable to several of his causes of action.” 26 See Docket No. 64 at 3 (“Reply”). 27 However, Twitter conflates Article III standing with the merits arguments. Al-Ahmed has 1 Whether Al-Ahmed may prevail on the merits on his vicarious liability claims as a matter of 2 substantive law is a question separate from whether Al-Ahmed demonstrated traceability for 3 standing purposes. As alleged, Abouammo and Alzabarah’s conduct is “fairly traceable” to 4 Twitter. 5 B. Statute of Limitations 6 1. Delayed Discovery Rule 7 Twitter argues that Al-Ahmed’s claims accrued when he received the 2015 notices alerting 8 him that his account information had been exposed. Mot. at 10–12; see also Twitter Employee 9 Declaration, Ex. 3–4. Since Al-Ahmed’s original complaint was filed on October 13, 2021, more 10 than 5 years have passed since the notice of the unauthorized intrusion of his Twitter account, and 11 more than 3 years have passed since the suspension of his account. Therefore, Twitter contends 12 that all Al-Ahmed’s claims, except his breach of contract and civil conspiracy claims (to the extent 13 they are premised on his account suspension) are time-barred. Mot. at 10–12.1 14 Al-Ahmed argues that his claims did not accrue until the Abouammo and Alzabarah’s 15 indictment in November 2019 and thus the statute did not start to run until then. He posits two 16 reasons. First, he argues the notice was insufficient because it did not include the fact that these 17
18 1 The ECPA, CFAA, SCA, promissory estoppel, intrusion upon seclusion, negligent hiring, and negligence claims each have two-year statutes of limitations. 18 U.S.C. § 2520(e) (two years 19 for ECPA claims); 18 U.S.C. § 1030(g) (two years for CFAA claims); 18 U.S.C. § 2707(f) (two years for SCA claims); Calhoun v. Google LLC, 526 F. Supp. 3d 605, 624 (N.D. Cal. 2021) (two 20 years limitation period for intrusion upon seclusion claims under Cal. Civ. Proc. Code § 335.1); So v. Shin, 212 Cal. App. 4th 652, 662 (2013) (two years for negligence claims under Cal. Civ. Proc. 21 Code § 335.1); McGowan v. Weinstein, 505 F. Supp. 3d 1000, 1025 (C.D. Cal. 2020) (two years for negligent hiring claims under Cal. Civ. Proc. Code § 335.1). UCL and breach of contract 22 claims have four-year statutes of limitations. Cal. Code of Civ. Proc. § 337(a) (four years for claims on written contracts); Cal. Bus. & Prof. Code § 17208 (four years for UCL claims). The 23 statutes of limitations for unjust enrichment, promissory estoppel, and civil conspiracy are based on the underlying wrong. Duke Gerstel Shearer, LLP v. Pursiano, No. D060374, 2012 WL 24 4712102, at *5 (Cal. Ct. App. Oct. 4, 2012); Newport Harbor Ventures, LLC v. Morris Cerullo World Evangelism, 6 Cal. App. 5th 1207, 1224, n.5 (2016), aff’d, 4 Cal. 5th 637 (2018); Maheu v. 25 CBS, Inc., 201 Cal. App. 3d 662, 673 (Ct. App. 1988). If founded on a quasi-contract theory, the claim is two years. Cal. Civ. Proc. Code § 339(1). If founded on conversion, fraud, or mistake, it 26 is three years. Cal. Civ. Code § 338(d); Maheu, 201 Cal. App. 3d at 673. If founded on a written contract, it is 4 years under Cal. Civ. Proc. Code § 337). Replevin has a three-year statute of 27 limitations. Cal. Code of Civ. Proc. § 338. Interference with prospective economic advantage 1 “state-sponsored actors” were located on Twitter’s premises, employed by Twitter, used Twitter’s 2 resources, and acted at the direction or tacit permission of Twitter. Id. at 9. Thus, Al-Ahmed 3 claims he had no reason to know or believe that Twitter was complicit in, or, at the very least, 4 negligent in its hiring, training, supervision and retention of Alzabarah and Abouammo, until their 5 public indictment on November 19, 2019. Id. Second, Al-Ahmed argues that he never received 6 an email or in-app notice from Twitter in December 2015, though he does not dispute the notice 7 was sent. See Opp’n at 8. Thus, he could not discover, and had no reason to discover, any cause 8 of action. Id. 9 Pursuant to the “delayed discovery rule,” the accrual of a cause of action is postponed until 10 the “plaintiff discovers, or has reason to discover, the cause of action.” Fox v. Ethicon Endo- 11 Surgery, Inc., 35 Cal.4th 797, 807 (2005). For the discovery rule to apply, the plaintiff “must 12 specifically plead facts to show (1) the time and manner of discovery and (2) the inability to have 13 made earlier discovery despite reasonable diligence.” Id. at 808 (internal quotation marks 14 omitted); see McGowan v. Weinstein, 505 F. Supp. 3d 1000, 1018–19 (C.D. Cal. 2020). A 15 plaintiff is “charged with presumptive knowledge of an injury if they have information of 16 circumstances to put [them] on inquiry or if they have the opportunity to obtain knowledge from 17 sources open to [their] supervision.” Fox, 35 Cal.4th at 807–08 (internal quotation marks 18 omitted). “Thus, in assessing the sufficiency of the allegations of delayed discovery, the court 19 places the burden on the plaintiff to ‘show diligence’; ‘conclusory allegations will not withstand 20 demurrer.’” Id. “Formal averments or general conclusions to the effect that the facts were not 21 discovered until a stated date, and that plaintiff could not reasonably have made an earlier 22 discovery, are useless.” Chione v. Medtronic, Inc., No. 14-CV-01043-BAS RBB, 2015 WL 23 2151889, at *4 (S.D. Cal. May 7, 2015) (quoting Anderson v. Brouwer, 99 Cal. App. 3d 176, 182 24 (1979)). 25 As the Court explained in its first order granting dismissal, Al-Ahmed’s argument that 26 Twitter’s notice was insufficient because it did not identify the “state-sponsored” actors as Twitter 27 employees is unconvincing. In Fox, the Supreme Court of California explained that “failure to 1 Cal.4th at 807. The Ninth Circuit has stated the same. Kyko Glob. Inc. v. Bhongir, No. 20-17526, 2 2021 WL 4958989 (9th Cir. Oct. 26, 2021) (“[The plaintiff] knew about its injury in 2013 when it 3 discovered the fraudulent accounts. It did not need to know the exact legal claim it could bring 4 against a specific defendant. Rather, it was enough that it had knowledge of the injury that gave 5 rise to the claim. Any liability it now claims against [the defendant] is derived from that injury in 6 2013.”). Thus, “Al-Ahmed’s ignorance of the identity of the perpetrators (being Twitter 7 employees) does not affect the statute of limitations…” Al-Ahmed, 2022 WL 1605673, at *11. 8 The fact remains that by virtue of the 2015 notices, if received, he would have been made aware 9 that he was injured as a result of unlawful hacking. 10 While this Court previously discounted Al-Ahmed’s second argument that he did not 11 receive the 2015 notices because his complaint failed to expressly allege that he did not receive 12 Twitter’s notice, Al-Ahmed has cured this deficiency in his FAC by including an express 13 allegation. FAC ¶¶ 48, 70. Nonetheless, as the Court previously found when it incorporated by 14 reference Twitter Employee Declaration, Exs. 3–4, Twitter sent the notice. Al-Ahmed, 2022 WL 15 1605673, at *4. Exhibit 3 is a copy of a .txt file containing a list of User ID Numbers of users who 16 were sent the notice by email. See Twitter Employee Declaration, Ex. 3. Exhibit 4 is a copy of a 17 list of User ID Numbers of users who were sent the notice by in-app notification. See id. Ex. 4. 18 Both exhibits include Al-Ahmed’s User ID Number, and both were created in December 2015 and 19 have been maintained since. See id. Ex. A. The FAC does not dispute that the notice was sent to 20 Al-Ahmed; it alleges Al-Ahmed did not receive it. Al-Ahmed is therefore “charged with 21 presumptive knowledge of [his] injury” because given the undisputed evidence that Twitter’s 22 notice was sent, Al-Ahmed had “the opportunity to obtain knowledge from [a] source[] open to 23 [his] supervision.” Fox, 35 Cal.4th at 807–08. Thus, “in assessing the sufficiency of [Al- 24 Ahmed’s] allegations of delayed discovery, the court places the burden on [Al-Ahmed] to ‘show 25 diligence’; ‘conclusory allegations will not withstand demurrer.’” Id. In this regard, the FAC 26 twice mentions that Al-Ahmed did not receive Twitter’s notice. First, the FAC provides:
27 Even had Mr. Al-Ahmed received this intentionally deceptive indirectly a beneficial owner of Twitter; and that this government, 1 which is known for treating its critics with extreme prejudice, had unmasked pseudonyms and was the “suspected” culprit—a material 2 omissions and lie of omission, which is no notice at all. It is a fictive to suggest otherwise. 3 4 FAC ¶ 48. Second, the FAC provides:
5 Twitter, quick to warn its employee decided to not issue a press release nor notify the popular press, as it would do with other data 6 breaches, and not Tweet about this incident. It waited at least nine days before sending any notice (which Plaintiff did not even 7 receive). 8 Id. ¶ 70. But these allegations fail to show due diligence sufficient to rebut presumptive 9 knowledge. See Fox, 35 Cal.4th at 807–08. Therefore, Al-Ahmed cannot rely on the delayed 10 discovery rule. 11 Accordingly, all claims based on the unauthorized access of Al-Ahmed’s account are 12 barred under the statute of limitations. This includes the following: ECPA (count 1); CFAA 13 (count 2); SCA (count 3); promissory estoppel (count 8); intrusion upon seclusion (count 9); 14 negligent hiring, supervision, and retention (count 10); negligence (count 12); UCL (counts 4 & 15 18); breach of contract (count 7); unjust enrichment (count 5); civil conspiracy (count 11); 16 replevin (count 13); and interference with potential economic advantage (count 19).2 17
18 2 The ECPA, CFAA, SCA, promissory estoppel, intrusion upon seclusion, negligent hiring, and negligence claims each have two-year statutes of limitations. 18 U.S.C. § 2520(e) (two years 19 for ECPA claims); 18 U.S.C. § 1030(g) (two years for CFAA claims); 18 U.S.C. § 2707(f) (two years for SCA claims); Calhoun v. Google LLC, 526 F. Supp. 3d 605, 624 (N.D. Cal. 2021) (two 20 years limitation period for intrusion upon seclusion claims under Cal. Civ. Proc. Code § 335.1); So v. Shin, 212 Cal. App. 4th 652, 662 (2013) (two years for negligence claims under Cal. Civ. Proc. 21 Code § 335.1); McGowan v. Weinstein, 505 F. Supp. 3d 1000, 1025 (C.D. Cal. 2020) (two years for negligent hiring claims under Cal. Civ. Proc. Code § 335.1). UCL and breach of contract 22 claims have four-year statutes of limitations. Cal. Code of Civ. Proc. § 337(a) (four years for claims on written contracts); Cal. Bus. & Prof. Code § 17208 (four years for UCL claims). The 23 statutes of limitations for unjust enrichment, promissory estoppel, and civil conspiracy are based on the underlying wrong. Duke Gerstel Shearer, LLP v. Pursiano, No. D060374, 2012 WL 24 4712102, at *5 (Cal. Ct. App. Oct. 4, 2012); Newport Harbor Ventures, LLC v. Morris Cerullo World Evangelism, 6 Cal. App. 5th 1207, 1224, n.5 (2016), aff’d, 4 Cal. 5th 637 (2018); Maheu v. 25 CBS, Inc., 201 Cal. App. 3d 662, 673 (Ct. App. 1988). If founded on a quasi-contract theory, the claim is two years. Cal. Civ. Proc. Code § 339(1). If founded on conversion, fraud, or mistake, it 26 is three years. Cal. Civ. Code § 338(d); Maheu, 201 Cal. App. 3d at 673. If founded on a written contract, it is 4 years under Cal. Civ. Proc. Code § 337). Replevin has a three-year statute of 27 limitations. Cal. Code of Civ. Proc. § 338. Interference with prospective economic advantage 1 Breach of fiduciary duty claims, which include breach of loyalty and aiding and abetting 2 breach of fiduciary duty claims, have at most a four-year statute of limitations. Cal. Code of Civ. 3 Proc. § 343. However, the “applicable statute of limitations is determined by…the nature of the 4 right sued upon, the primary interest affected by the defendant’s wrongful conduct, or the 5 gravamen of the action.” Hydro-Mill Co. v. Hayward, Tilton & Rolapp Ins. Assocs., Inc., 115 Cal. 6 App. 4th 1145, 1158–59 (2004). Twitter argues “Al-Ahmed’s fiduciary duty claims amount to 7 interference with prospective economic advantage claims, which carry a two-year statute of 8 limitations.” Mot. at 10, n.9 (citing FAC ¶¶ 203–07, 214–15, 225–26 & 229). 9 The Court agrees that the gravamen of Al-Ahmed’s breach of duty of loyalty claim (count 10 14) is based on interference with prospective economic advantage. See FAC ¶¶ 203–07. Thus, the 11 breach of duty of loyalty claim adopts the interference with prospective economic advantage two- 12 year statute of limitations and is time-barred. The gravamen of Al-Ahmed’s aiding and abetting 13 breach of fiduciary duty claim (count 17) is not similarly related to interference with prospective 14 economic advantage. See ¶¶ 231–39. Instead, the claim’s focus is Twitter’s alleged facilitation of 15 Alzabarah and Abouammo’s conduct as part of a coordinated plan to silence KSA dissidents. Id. 16 Here, the two-year statute of limitations for intrusion upon seclusion applies. Calhoun, 526 F. 17 Supp. 3d at 624; Hydro-Mill Co., 115 Cal. App. 4th at 1158–59. All the claims are time-barred. 18 2. Continuous Accrual Doctrine 19 Al-Ahmed relies on the continuous accrual doctrine to avoid the time-bar. “[U]nder the 20 theory of continuous accrual, a series of wrongs or injuries may be viewed as each triggering its 21 own limitations period, such that a suit for relief may be partially time-barred as to older events 22 but timely as to those within the applicable limitations period.” Aryeh v. Canon Bus. Solutions, 23 Inc., 55 Cal.4th 1185, 1192 (2013). Continuous accrual applies when there is a continuing or 24 recurring obligation. Id. at 1199 (“When an obligation or liability arises on a recurring basis, a 25 cause of action accrues each time a wrongful act occurs, triggering a new limitations period.”) 26 (citation omitted). “[T]he theory of continuous accrual supports recovery only for damages arising 27 from those breaches falling within the limitations period[,] ... limit[ing] the amount of retroactive 1 limitations period.” Id. (citation omitted). Therefore, the continuous accrual doctrine “would 2 permit [the plaintiff] to sue, but only for those discrete acts occurring within the [relevant 3 limitations period] immediately preceding the filing of [the plaintiff’s] suit.” Id. at 1199–200. 4 In claiming the continuous accrual doctrine makes portions of his claims timely, Al- 5 Ahmed makes the exact arguments he did in opposition to Twitter’s first motion to dismiss. 6 Opp’n at 9. According to Al-Ahmed, Twitter breached contractual obligations contained in its 7 TOS (express and implied) including its obligation to preserve his confidential/privileged sources 8 and list of followers, and its obligation to not unreasonably suspend his Arabic Twitter account in 9 which he had a reasonable expectation of privacy. Opp’n at 9–10. Al-Ahmed argues that Twitter 10 continues to breach its TOS by keeping Al-Ahmed’s Twitter account suspended. Id. at 10. Al- 11 Ahmed contends that these actions constitute “separate, recurring invasions of the same right [that] 12 can each trigger their own statute of limitations” and have caused ongoing harm to him. Id. at 11 13 (citing Aryeh at 1198). 14 The Court adheres to its prior ruling. Twitter’s acts do not constitute the type of 15 continuing or recurring obligation or liability required for the continuous accrual theory to apply. 16 Rather, Twitter’s acts are the discrete incidents of (1) unauthorized intrusion of Al-Ahmed’s 17 account between 2013 and 2015, and (2) the suspension of Al-Ahmed’s Twitter account in 2018. 18 The unauthorized intrusion were discrete acts which did not recur after 2015. The suspension in 19 2018 is not part of a continuous act of unauthorized intrusion. See Ryan v. Microsoft Corp., 147 F. 20 Supp. 3d 868, 896–97 (N.D. Cal. 2015) (declining to apply the continuous accrual doctrine where 21 “alleged recurring injuries during the limitations period arose out of a single transaction that 22 occurred before the limitations period”). Accordingly, the continuous accrual doctrine does not 23 apply. 24 The only surviving claims against Twitter are the breach of contract, UCL, and promissory 25 estoppel claims based on Twitter’s suspension of Al-Ahmed’s account in 2018.3 26
27 3 Al-Ahmed’s civil conspiracy and unjust enrichment claims are based on the underlying wrong 1 C. CDA Section 230(c)(1) and Al-Ahmed’s Account Suspension-Related Claims 2 Twitter seeks immunity from Al-Ahmed’s account-suspension-related claims under CDA 3 Section 230(c)(1). Mot. at 15. Section 230(c) provides:
4 (1) Treatment of publisher or speaker No provider or user of an interactive computer service shall be 5 treated as the publisher or speaker of any information provided by another information content provider. 6 (2) Civil liability 7 No provider or user of an interactive computer service shall be held liable on account of— 8 1. any action voluntarily taken in good faith to restrict access 9 to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively 10 violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or 11 2. any action taken to enable or make available to information content providers or others the technical means to restrict 12 access to material described in paragraph (1). 13 47 U.S.C.A. § 230. 14 In Barnes v. Yahoo!, Inc., 570 F.3d 1096 (9th Cir. 2009), the Ninth Circuit explained that 15 “Subsection (c)(1), by itself, shields from liability all publication decisions, whether to edit, to 16 remove, or to post, with respect to content generated entirely by third parties.” To determine 17 whether Section 230(c)(1) applies, the Ninth Circuit set a three-prong test. See Barnes, 570 F.3d 18 1096. Under this test, CDA immunity under Section 230(c)(1) applies only if the defendant is “(1) 19 a provider or user of an interactive computer service (2) whom a plaintiff seeks to treat, under a 20 state law cause of action, as a publisher or speaker (3) of information provided by another 21 information content provider.” Lemmon, 995 F.3d at 1090–91. 22 The first prong is met because Twitter is an information content provider. See Morton v. 23 Twitter, Inc., No. CV 20-10434-GW-JEMX, 2021 WL 1181753, at *3 (C.D. Cal. Feb. 19, 2021). 24 The second and third prongs are met because Al-Ahmed’s claims are related to the suspension of 25 his account, and the suspension of a user account is generally considered a publishing decision 26 related to information provided by the user. See Barnes, 570 F.3d at 1109 (finding that the 27 removal of social media content falls under Section 230(c)(1)); see also King v. Facebook, Inc., 1 relating to disabling of accounts fall under Section 230(c)(1)). 2 In its previous order, this Court rejected Al-Ahmed’s arguments that § 230 should not 3 apply to his claims. Al-Ahmed, 2022 WL 1605673, at *15–20. Al-Ahmed rehashes the same 4 arguments in his opposition to Twitter’s motion to dismiss his FAC, and the Court remains 5 unconvinced. Rather than engage in another extensive discussion of why these claims fail, the 6 Court briefly summarizes its reasoning. 7 First, Al-Ahmed cites Fair Hous. Council of San Fernando Valley v. Roommates.Com, 8 LLC, 521 F.3d 1157, 1164 n.15 (9th Cir. 2008) for the proposition that the Ninth Circuit has been 9 dubious of large Internet companies seeking special privileges under the CDA. Opp’n at 14. 10 However, Al-Ahmed’s reliance on Roommates.Com is misplaced because the Ninth Circuit’s 11 decision there was premised on the service provider “inducing third parties to express illegal 12 preferences.” Id. at 1165. In contrast, Twitter’s suspension of Al-Ahmed’s account does not show 13 any act by Twitter of inducing third parties to perform illegal acts.4 14 Second, Al-Ahmed argues that immunity, applied to this case, would run contrary to the 15 policy of protecting children from exposure to pornographic and obscene material. Opp’n at 14– 16 16 (citing Section 230(b)(4)). But while it is true that Sections (b)(4)–(5) seek to enable filtering 17 obscene and ensure their enforcement, Sections (b)(1)–(2) more broadly seek to “promote the 18 continued development of the Internet” and “preserve the vibrant and competitive free market that 19 presently exists for the Internet . . . unfettered by Federal or State regulation.” 47 U.S.C. § 230(b). 20 Third, Al-Ahmed argues that Twitter’s suspension of his account suppresses the 21 dissemination of free speech, which runs counters to the policy of “remov[ing] disincentives [to 22 filter objectionable content.]” Id. However, this argument fails, because removing non- 23 objectionable or inappropriate online material does not equate to disincentivizing the restriction of 24 such material. 25
26 4 Al-Ahmed also cites Justice Thomas’s concurrence in Malwarebytes, Inc. v. Enigma Software Grp. USA, LLC, 141 S. Ct. 13, 18 (2020) where the Justice argued the scope of § 230 should be 27 revisited in an appropriate case. “However, a concurrence is not legal authority and the reference 1 Fourth, Al-Ahmed argues that because “the statute is intended to immunize an interactive 2 service provider for engaging in tradition editorial functions in a public forum,” it “could never 3 have been contemplated by the legislature to protect against or require the policing of private 4 exchanges that are very much equivalent to private texts, phone calls or emails.” Opp’n at 15–16. 5 However, as before, Al-Ahmed cites a single Second Circuit case, Force v. Facebook, Inc., 934 6 F.3d 53 (2d Cir. 2019), which merely notes that the word “publisher” is undefined by Section 7 230(c)(1), but does not use the words “public forum.” See id. 8 Fifth, Al-Ahmed argues that Section 230 cannot protect Twitter for suspending his account 9 because Twitter “specifically encourage[d] development of what was offensive about the content,” 10 i.e., Al-Ahmed claims Twitter “planted” the offensive direct message which precipitated his 11 suspension. Opp’n at 16 (citing Fed. Trade Comm’n v. LeadClick Media, LLC, 838 F.3d 158, 174 12 (2d Cir. 2016) (“A defendant, however, will not be held responsible unless it assisted in the 13 development of what made the content unlawful.”); Roomates.com, LLC, 521 F.3d at 1167–68 14 (holding the defendant liable when it had questionnaires “not merely… augmenting the content 15 generally, but…materially contributing to its alleged unlawfulness”). However, Al-Ahmed’s 16 argument fails for two reasons. First, the allegation that Twitter “planted” or “manipulated” the 17 direct message is highly speculative and conclusory; the FAC fails to allege specific facts which 18 make this claim plausible. See Twombly, 550 U.S. at 570. Second, as the Court noted in its 19 previous order, the cases cited by Al-Ahmed are inapposite because each involved a service 20 provider participating in or inducing unlawful activity. See, e.g., Roomates.com, LLC, 521 F.3d at 21 1165. Here, Twitter seeks immunity for claims only in relation to its account-suspending 22 activity—such activity is not on its face unlawful. 23 Finally, Al-Ahmed argues that Twitter cannot claim immunity under Section 230 because 24 it failed to demonstrate good faith. Opp’n at 17. However, Twitter seeks immunity under Section 25 230(c)(1) which does not contain a good faith requirement. Levitt v. Yelp! Inc., No. C-10-1321 26 EMC, 2011 WL 5079526, at *7 (N.D. Cal. Oct. 26, 2011), aff’d, 765 F.3d 1123 (9th Cir. 2014) 27 (finding that while Section 230(c)(2) has a good-faith requirement, (c)(1) has no such 1 Admittedly, this Court observes that a natural reading of the statute suggests Section 2 230(c)(1) should only immunize a provider based on content posted by third parties, whereas 3 Section 230(c)(2) with its good faith requirement should immunize a provider whenever it restricts 4 user content or user access. Otherwise, if Section 230(c)(1) immunizes a provider’s decision to 5 remove content as well as a provider’s decision not to remove content, then Section (c)(2)’s 6 specification that immunity also extends to “any action voluntarily taken [by the provider] in good 7 faith to restrict access” would be rendered superfluous. On these grounds, courts in other districts 8 have declined to immunize provider’s restriction of user access under Section 230(c)(1). See, e.g., 9 e-ventures Worldwide, LLC v. Google, Inc., No. 214CV646FTMPAMCM, 2017 WL 2210029 10 (M.D. Fla. Feb. 8, 2017). If this Court were to write on a clean slate, it might well concur. 11 However, despite the apparent import of the natural wording of Section 230(c)(1) and (2), 12 it appears that in the Ninth Circuit, Section 230(c)(1) immunity attaches even where a provider 13 restricts a plaintiff’s access. Sikhs for Just., Inc. v. Facebook, Inc., 697 F. App’x 526 (9th Cir. 14 2017); see also Riggs v. MySpace, Inc., 444 F. App’x 986, 987 (9th Cir. 2011) (affirming 15 dismissal under Section 230(c)(1) based on the removal of the plaintiff’s user profile); King, 2021 16 WL 5279823, at *1 (holding Facebook has immunity under Section 230(c)(1) to the extent 17 plaintiff’s claims were based on Facebook’s disabling plaintiff’s account). Thus, “[b]ecause 18 Section 230(c)(1) applies here, Twitter is not required to demonstrate good faith.” Al-Ahmed, 19 2022 WL 1605673, at *19. 20 Accordingly, Twitter’s immunity extends to Al-Ahmed’s following suspension-based 21 claims: SCA, civil conspiracy, UCL, breach of contract, and promissory estoppel. Twitter’s 22 immunity does not extend to Al-Ahmed’s breach of contract claim based on Twitter’s failure to 23 provide an adequate justification for his suspension and to meaningfully address his appeal from 24 the suspension of his account. See FAC ¶ 147. However, this claim fails as well. To adequately 25 plead a breach of contract claim, the plaintiff must identify “the specific provision of the contract 26 allegedly breached by the defendant.” King v. Facebook, Inc., No. 19-CV-01987-WHO, 2019 WL 27 6493968, at *2 (N.D. Cal. Dec. 3, 2019). Here, Al-Ahmed fails to do so. In fact, Twitter’s Terms 1 suspensions at all. 2 V. CONCLUSION 3 For the foregoing reasons, the Court GRANTS Twitter’s motion to dismiss in its entirety. 4 Plaintiff is granted leave to amend his FAC with respect to pleading due diligence under the 5 delayed discovery rule only. The Second Amended Complaint, if any, is due within thirty (30) 6 days of the date of this order. 7 This order disposes of Docket No. 62. 8 9 IT IS SO ORDERED. 10 11 Dated: January 3, 2023 12 13 ______________________________________ EDWARD M. CHEN 14 United States District Judge 15 16 17 18 19 20 21 22 23 24 25 26 27