25-369 Veksler v. Wipro, LLC
UNITED STATES COURT OF APPEALS FOR THE SECOND CIRCUIT
SUMMARY ORDER
RULINGS BY SUMMARY ORDER DO NOT HAVE PRECEDENTIAL EFFECT. CITATION TO A SUMMARY ORDER FILED ON OR AFTER JANUARY 1, 2007, IS PERMITTED AND IS GOVERNED BY FEDERAL RULE OF APPELLATE PROCEDURE 32.1 AND THIS COURT’S LOCAL RULE 32.1.1. WHEN CITING A SUMMARY ORDER IN A DOCUMENT FILED WITH THIS COURT, A PARTY MUST CITE EITHER THE FEDERAL APPENDIX OR AN ELECTRONIC DATABASE (WITH THE NOTATION “SUMMARY ORDER”). A PARTY CITING A SUMMARY ORDER MUST SERVE A COPY OF IT ON ANY PARTY NOT REPRESENTED BY COUNSEL.
At a stated term of the United States Court of Appeals for the Second Circuit, held at the Thurgood Marshall United States Courthouse, 40 Foley Square, in the City of New York, on the 19th day of December, two thousand twenty-five.
PRESENT: ROBERT D. SACK, MYRNA PÉREZ, Circuit Judges, VINCENT L. BRICCETTI, District Judge. * ________________________________________
ELVIRA VEKSLER,
Plaintiff-Appellant,
v. No. 25-369 WIPRO, LLC,
Defendant-Appellee. ________________________________________
* Judge Vincent L. Briccetti, of the United States District Court for the Southern District of New York, sitting by designation.
1 FOR PLAINTIFF-APPELLANT: KENNETH F. MCCALLION, McCallion & Associates, LLP, New York, NY.
FOR DEFENDANT-APPELLEE: JUNG H. PARK, (Ryanne A. Hankla, Andrew L. Margulis, on the brief), Ropers Majeski PC, New York, NY.
Appeal from a judgment of the United States District Court for the Southern
District of New York (Oetken, J.).
UPON DUE CONSIDERATION, IT IS HEREBY ORDERED, ADJUDGED,
AND DECREED that the judgment of the District Court is AFFIRMED.
Elvira Veksler sued Wipro, LLC under the Electronic Communications Privacy Act
(“ECPA”), 18 U.S.C. § 2511(1)(a), the Stored Communications Act (“SCA”), 18 U.S.C.
§ 2701(a), and the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030(a)(5)(A)–
(C). 1 After discovery, the District Court granted Wipro’s motion for summary judgment
in its entirety, and this appeal followed. We assume the parties’ familiarity with the
underlying facts, the procedural history, and the issues on appeal, which we reference
only as necessary to explain our decision to affirm.
I. Background
Between July and November of 2021, Veksler worked as a freelance content writer
for Wipro using her own personal computer. To facilitate her work, Wipro gave Veksler
1 Veksler also brought state-law claims that the District Court dismissed without prejudice. We affirm that dismissal as well.
2 a Wipro email ID to access its web-based email service. On February 10, 2022, several
months after Veksler finished her work for Wipro, she emailed a Wipro employee,
notifying Wipro that she was not able to access her laptop and requesting Wipro’s
assistance. After some investigation, Wipro determined that its “security management
tool,” JAMF, had been installed on Veksler’s computer. App’x at 402. In addition to
JAMF, Veksler claims that another software—CrowdStrike Falcon Sensor
(“CrowdStrike”)—was installed on her device. On February 16, Wipro successfully
removed JAMF from Veksler’s computer.
Veksler claims that Wipro intentionally installed JAMF and CrowdStrike on her
computer without her knowledge or consent in order to access and monitor her data,
communications, and other activity. Wipro responds that it did not intend to access
Veksler’s computer and, in any event, it did not collect or monitor any of Veksler’s data
or activity. The District Court ruled for Wipro, concluding that Veksler did not adduce
sufficient evidence from which a jury could conclude that Wipro intended for its software
to be installed on Veksler’s device.
II. Standard of Review
“We review de novo a district court’s decision to grant summary
judgment, construing the evidence in the light most favorable to the party against whom
summary judgment was granted and drawing all reasonable inferences in that party’s
favor.” Roth v. Armistice Cap., LLC, 151 F.4th 21, 25–26 (2d Cir. 2025). Summary judgment
3 is appropriate where “there is no genuine dispute as to any material fact and the movant
is entitled to judgment as a matter of law.” Fed. R. Civ. P. 56(a).
III. Discussion
Plaintiffs bringing claims under the ECPA, SCA, and CFAA must establish that
the defendant acted intentionally. See 18 U.S.C. § 2511(1)(a) (ECPA makes it unlawful to
“intentionally intercept[], endeavor[] to intercept, or procure[] any other person to
intercept or endeavor to intercept, any wire, oral, or electronic communication”); id.
§ 2701(a) (SCA makes it unlawful to “(1) intentionally access[] without authorization a
facility through which an electronic communication service is provided; or (2)
intentionally exceed[] an authorization to access that facility[,] and thereby obtain[],
alter[], or prevent[] authorized access to a wire or electronic communication while it is in
electronic storage in such system”); id. § 1030(a)(5)(A)–(C) (CFAA prohibits 1)
“knowingly caus[ing] the transmission of a program, information, code, or command,
and as a result of such conduct, intentionally caus[ing] damage without authorization, to
a protected computer;” 2) “intentionally access[ing] a protected computer without
authorization, and as a result of such conduct, recklessly caus[ing] damage;” or 3)
“intentionally access[ing] a protected computer without authorization, and as a result of
such conduct, caus[ing] damage and loss”).
Here—as both parties agree—that means Veksler’s burden is to establish that
Wipro acted with the “conscious objective” of accessing her computer. See United States
4 v. Townsend, 987 F.2d 927, 930 (2d Cir. 1993) (holding that, to find an ECPA violation, the
“defendant’s act must have been the product of defendant’s conscious objective rather
than the product of a mistake or an accident”). 2 Thus, Veksler must show that at some
point in time, Wipro intended for its software to be installed on her laptop. Nothing in
the record supports even that threshold conclusion.
Contrary to Veksler’s theory that the software was pushed to her device when she
first created a Wipro email account, the only forensic analysis conducted of the device
found that the software was not installed until October 2021—several months after she
created her Wipro account. See App’x at 209–10. Veksler relies on language from an
email chain among Wipro employees stating “this person is locked out of her computer
and we’re responsible” as evidence Wipro intended to install the software on her device.
See App’x at 69. But no reasonable factfinder could conclude, based on this isolated line,
that Wipro was aware its software had been installed on Veksler’s laptop before Veksler
contacted Wipro in February 2022, let alone that Wipro intended that outcome. See App’x
at 58–74.
Free access — add to your briefcase to read the full text and ask questions with AI
25-369 Veksler v. Wipro, LLC
UNITED STATES COURT OF APPEALS FOR THE SECOND CIRCUIT
SUMMARY ORDER
RULINGS BY SUMMARY ORDER DO NOT HAVE PRECEDENTIAL EFFECT. CITATION TO A SUMMARY ORDER FILED ON OR AFTER JANUARY 1, 2007, IS PERMITTED AND IS GOVERNED BY FEDERAL RULE OF APPELLATE PROCEDURE 32.1 AND THIS COURT’S LOCAL RULE 32.1.1. WHEN CITING A SUMMARY ORDER IN A DOCUMENT FILED WITH THIS COURT, A PARTY MUST CITE EITHER THE FEDERAL APPENDIX OR AN ELECTRONIC DATABASE (WITH THE NOTATION “SUMMARY ORDER”). A PARTY CITING A SUMMARY ORDER MUST SERVE A COPY OF IT ON ANY PARTY NOT REPRESENTED BY COUNSEL.
At a stated term of the United States Court of Appeals for the Second Circuit, held at the Thurgood Marshall United States Courthouse, 40 Foley Square, in the City of New York, on the 19th day of December, two thousand twenty-five.
PRESENT: ROBERT D. SACK, MYRNA PÉREZ, Circuit Judges, VINCENT L. BRICCETTI, District Judge. * ________________________________________
ELVIRA VEKSLER,
Plaintiff-Appellant,
v. No. 25-369 WIPRO, LLC,
Defendant-Appellee. ________________________________________
* Judge Vincent L. Briccetti, of the United States District Court for the Southern District of New York, sitting by designation.
1 FOR PLAINTIFF-APPELLANT: KENNETH F. MCCALLION, McCallion & Associates, LLP, New York, NY.
FOR DEFENDANT-APPELLEE: JUNG H. PARK, (Ryanne A. Hankla, Andrew L. Margulis, on the brief), Ropers Majeski PC, New York, NY.
Appeal from a judgment of the United States District Court for the Southern
District of New York (Oetken, J.).
UPON DUE CONSIDERATION, IT IS HEREBY ORDERED, ADJUDGED,
AND DECREED that the judgment of the District Court is AFFIRMED.
Elvira Veksler sued Wipro, LLC under the Electronic Communications Privacy Act
(“ECPA”), 18 U.S.C. § 2511(1)(a), the Stored Communications Act (“SCA”), 18 U.S.C.
§ 2701(a), and the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030(a)(5)(A)–
(C). 1 After discovery, the District Court granted Wipro’s motion for summary judgment
in its entirety, and this appeal followed. We assume the parties’ familiarity with the
underlying facts, the procedural history, and the issues on appeal, which we reference
only as necessary to explain our decision to affirm.
I. Background
Between July and November of 2021, Veksler worked as a freelance content writer
for Wipro using her own personal computer. To facilitate her work, Wipro gave Veksler
1 Veksler also brought state-law claims that the District Court dismissed without prejudice. We affirm that dismissal as well.
2 a Wipro email ID to access its web-based email service. On February 10, 2022, several
months after Veksler finished her work for Wipro, she emailed a Wipro employee,
notifying Wipro that she was not able to access her laptop and requesting Wipro’s
assistance. After some investigation, Wipro determined that its “security management
tool,” JAMF, had been installed on Veksler’s computer. App’x at 402. In addition to
JAMF, Veksler claims that another software—CrowdStrike Falcon Sensor
(“CrowdStrike”)—was installed on her device. On February 16, Wipro successfully
removed JAMF from Veksler’s computer.
Veksler claims that Wipro intentionally installed JAMF and CrowdStrike on her
computer without her knowledge or consent in order to access and monitor her data,
communications, and other activity. Wipro responds that it did not intend to access
Veksler’s computer and, in any event, it did not collect or monitor any of Veksler’s data
or activity. The District Court ruled for Wipro, concluding that Veksler did not adduce
sufficient evidence from which a jury could conclude that Wipro intended for its software
to be installed on Veksler’s device.
II. Standard of Review
“We review de novo a district court’s decision to grant summary
judgment, construing the evidence in the light most favorable to the party against whom
summary judgment was granted and drawing all reasonable inferences in that party’s
favor.” Roth v. Armistice Cap., LLC, 151 F.4th 21, 25–26 (2d Cir. 2025). Summary judgment
3 is appropriate where “there is no genuine dispute as to any material fact and the movant
is entitled to judgment as a matter of law.” Fed. R. Civ. P. 56(a).
III. Discussion
Plaintiffs bringing claims under the ECPA, SCA, and CFAA must establish that
the defendant acted intentionally. See 18 U.S.C. § 2511(1)(a) (ECPA makes it unlawful to
“intentionally intercept[], endeavor[] to intercept, or procure[] any other person to
intercept or endeavor to intercept, any wire, oral, or electronic communication”); id.
§ 2701(a) (SCA makes it unlawful to “(1) intentionally access[] without authorization a
facility through which an electronic communication service is provided; or (2)
intentionally exceed[] an authorization to access that facility[,] and thereby obtain[],
alter[], or prevent[] authorized access to a wire or electronic communication while it is in
electronic storage in such system”); id. § 1030(a)(5)(A)–(C) (CFAA prohibits 1)
“knowingly caus[ing] the transmission of a program, information, code, or command,
and as a result of such conduct, intentionally caus[ing] damage without authorization, to
a protected computer;” 2) “intentionally access[ing] a protected computer without
authorization, and as a result of such conduct, recklessly caus[ing] damage;” or 3)
“intentionally access[ing] a protected computer without authorization, and as a result of
such conduct, caus[ing] damage and loss”).
Here—as both parties agree—that means Veksler’s burden is to establish that
Wipro acted with the “conscious objective” of accessing her computer. See United States
4 v. Townsend, 987 F.2d 927, 930 (2d Cir. 1993) (holding that, to find an ECPA violation, the
“defendant’s act must have been the product of defendant’s conscious objective rather
than the product of a mistake or an accident”). 2 Thus, Veksler must show that at some
point in time, Wipro intended for its software to be installed on her laptop. Nothing in
the record supports even that threshold conclusion.
Contrary to Veksler’s theory that the software was pushed to her device when she
first created a Wipro email account, the only forensic analysis conducted of the device
found that the software was not installed until October 2021—several months after she
created her Wipro account. See App’x at 209–10. Veksler relies on language from an
email chain among Wipro employees stating “this person is locked out of her computer
and we’re responsible” as evidence Wipro intended to install the software on her device.
See App’x at 69. But no reasonable factfinder could conclude, based on this isolated line,
that Wipro was aware its software had been installed on Veksler’s laptop before Veksler
contacted Wipro in February 2022, let alone that Wipro intended that outcome. See App’x
at 58–74.
Veksler urges that, even if Wipro did not intentionally install its software on her
computer, once the software was there, Wipro knowingly used it to intercept her
communications and access her data. But the record does not support that conclusion
2 As the District Court pointed out, courts have interpreted the intentionality requirement in the SCA and the CFAA to have the same meaning as it does in the ECPA. See Spec. App’x at 5–6 (citing Butera & Andrews v. Int'l Bus. Machs. Corp., 456 F. Supp. 2d 104, 110 (D.D.C. 2006)).
5 either. Even if there is a triable issue as to whether JAMF or CrowdStrike could have
been used to access Veksler’s data, monitor her communications, or intercept her
communications in the way she alleges, nothing in the record suggests that Wipro
actually used its software to do so in this case. And Veksler adduces no evidence that it
was ever Wipro’s conscious objective to use the software on Veksler’s device to do so.
To be clear, the Clifton Report does not create a triable issue as to Wipro’s intent.
As an initial matter, “summary judgment is not per se precluded because there are
conflicting experts.” Dalberth v. Xerox Corp., 766 F.3d 172, 189 (2d Cir. 2014) (quoting In
re Omnicom Grp., Inc. Sec. Litig., 597 F.3d 501, 512 (2d Cir. 2010)). Indeed, “an expert’s
report is not a talisman against summary judgment.” Id. (quoting Raskin v. Wyatt Co., 125
F.3d 55, 66 (2d Cir. 1997)). Many of the conclusions reached by the Clifton Report are
“speculative or conclusory.” Garcia v. Hartford Police Dep’t, 706 F.3d 120, 128 (2d Cir.
2013). More importantly, the dispositive issue of Wipro’s intent is beyond the Report’s
scope. Accordingly, “we conclude that the report does not add any facts to the record
that create a genuine dispute as to any material fact.” Id.
IV. Conclusion
We have considered Veksler’s remaining arguments and find them to be without
merit. Accordingly, we AFFIRM the judgment of the District Court.
FOR THE COURT: Catherine O’Hagan Wolfe, Clerk of Court