The plaintiff in Popa v. Harriet Carter Gifts had visited the Harriet Carter Gifts website and begun the process for completing an online purchase of cat stairs. As occurs during many website interactions, Harriet Carter Gifts sent HTML code to the plaintiff’s browser that caused the plaintiff’s browser to simultaneously send a GET request to NaviStone. When it received the GET Request, NaviStone sent code to plaintiff’s browser that enabled the installation of a cookie which both identified the browser and tracked plaintiff’s activity on the Harriet Carter website. This communication stream also enabled NaviStone to facilitate targeted advertising to plaintiff. The lawsuit alleged that the HTML code re-routing electronic communications to NaviStone constituted an illegal interception under Pennsylvania’s wiretap law. The district court granted summary judgment against plaintiff, but the Third Circuit reversed.
The Third Circuit’s analysis focused on whether NaviStone was a “direct party” to the communications between Harriet Carter and plaintiff, which is an exception recognized by the Federal Wiretap Law as well as the wiretap laws of other states. Pennsylvania had previously adopted a similar exemption, but did so in the context of law enforcement investigations where police officers had masqueraded as intended recipients of communications. The Third Circuit ruled that this was the only scenario under which WESCA recognized a direct party exception. Critical to the Court’s determination that Pennsylvania’s direct party exception was limited to law enforcement was a 2012 amendment to the law that expressly revised the law’s definition of “intercept” to exclude monitoring by law enforcement masquerading as third parties. Under rules of statutory construction, the Court held that this express limitation foreclosed broader exceptions, thus limiting the scope of the direct party exception. In other words, only law enforcement officers, under the expressly identified scenarios set forth in WESCA, can avail themselves of the direct party exception.
The Third Circuit’s analysis did not end there, however. The Court also considered – and rejected – NaviStone’s contention that the interception occurred in Virginia, where the defendant was located, finding instead that the interception occurred at the point where the communication was re-routed to NaviStone, which occurred on plaintiff’s browser. This ruling thus disposed of NaviStone’s argument that WESCA could not regulate commerce that occurred wholly outside the Commonwealth.
In response to NaviStone’s “parade of horribles” argument, the Third Circuit noted that its ruling does not necessarily foreclose websites’ usage of cookies or third party marketing companies. In particular, the Court noted that WESCA provides an all-party consent exception whereby a interception is permissible if all parties to the communication consent. Which leads to perhaps the key question: did plaintiff consent to NaviStone’s interception of her electronic communications?