Preview
1 CHRISTOPHER C. CHIOU, SBN 233587
cchiou@wsgr.com
2 WILSON SONSINI GOODRICH & ROSATI
Professional Corporation
3 953 East Third Street, Suite 100
Los Angeles, CA 90013
4 Telephone: (323) 210-2900
5 Attorney for Defendants YouTube, LLC, Google
LLC, and Alphabet Inc.
6
[Additional parties and counsel listed on
7 signature pages]
8
SUPERIOR COURT OF THE STATE OF CALIFORNIA
9
FOR THE COUNTY OF LOS ANGELES
10
COORDINATION PROCEEDING SPECIAL JUDICIAL COUNCIL COORDINATION
11 TITLE (Rule 3.400) PROCEEDING NO. 5255
12 SOCIAL MEDIA CASES For Filing Purposes: 22STCV21355
13 Judge: Hon. Carolyn B. Kuhl
SSC-12
14 THIS DOCUMENT RELATES TO:
DEFENDANTS’ NOTICE OF
15 (Christina Arlington Smith, et al. v. TikTok SUPPLEMENTAL AUTHORITY
Inc., et al., Case No. 22STCV21355)
16
17 (A.S. et al. v. Meta Platforms, Inc. et al.,
Case No. 22STCV28202)
18
(Glenn-Mills v. Meta Platforms, Inc. et al.,
19 Case No. 23SMCV03371)
20
(J.S. et al. v. Meta Platforms, Inc. et al.,
21 Case No. CV 2022-1472)
22 (K.K. et al. v. Meta Platforms, Inc. et al.,
Case No. 23SMCV03371)
23
(K.L. et al. v. Meta Platforms, Inc. et al.,
24
Case No. CIV SB 2218921)
25
(N.S. et al. v. Snap Inc.,
26 Case No. 22CV019089)
27 (P.F. et al. v. Meta Platforms, Inc. et al.,
28 Case No. 23SMCV03371)
DEFENDANTS’ NOTICE OF SUPPLEMENTAL AUTHORITY
1 Defendants hereby notify the Court of a recent decision of the California Court of Appeal,
2 Wozniak v. YouTube, LLC, No. H050042 (6th App. Dist. Mar. 15, 2024), which as been certified for
3 publication, as supplemental authority that further supports Defendants’ Demurrer to Claims for Sex
4 and Age Discrimination and Non-Product Negligent Failure to Warn (the “Demurrer”) and
5 Defendants’ Motion to Strike Third-Party Misconduct and Online Challenge Allegations (the “Mot.
6 to Strike”), both of which are scheduled for argument on Wednesday, March 20. A copy of the
7 Wozniak opinion is attached as Exhibit A.
8 The Court of Appeal’s decision supports Defendants’ arguments that Section 230 of the
9 Communications Decency Act bars the claims and allegations challenged in Defendants’ pending
10 motions. Wozniak arose from a cryptocurrency scam perpetrated by “bad actors” through YouTube,
11 in which third-party scammers allegedly bypassed YouTube’s security practices to gain access to
12 popular YouTube channels and uploaded videos that deceived users into sending the scammers
13 cryptocurrency, believing that they were participating in celebrity-sponsored “bitcoin giveaway”
14 events. Wozniak, Slip Op. at 2-4, 18. The plaintiffs—victims of the scam and one of the celebrities
15 whose name and likeness was used by scammers—brought a variety of causes of action against
16 YouTube, including for fraud and misrepresentation, negligence, negligent design, and negligent
17 failure to warn. Id. at 8. In an effort to avoid Section 230, the plaintiffs argued that their claims
18 focused not on the content from “bad actors” and YouTube’s role as a publisher of the scam videos
19 but instead on, inter alia, a “failure to employ reasonable security measures to protect channels from
20 hijacking,” id. at 14, how “YouTube negligently designed its security protocols and video metrics,”
21 id. at 18, and that YouTube failed to provide adequate warnings, id. at 20. The Court of Appeal
22 rejected this gambit, finding that all of the plaintiffs’ claims, however framed, ultimately rested on
23 “YouTube’s actions allowing the scam videos to be shown on hijacked channels” which “amount
24 to a publishing decision not to prevent or alter the videos,” and therefore were barred by Section
25 230. Id. at 15. The Court thus held that the trial court had properly sustained YouTube’s demurrer
26 to all of the plaintiffs’ claims, though the Court of Appeal ruled that the plaintiffs should be granted
27 leave to amend on a narrow issue related to “verification badges.” Id. at 36.
28 Defendants direct this Court to several aspects of the recent Wozniak decision that bear
-2-
DEFENDANTS’ NOTICE OF SUPPLEMENTAL AUTHORITY
1 directly on the pending Motion to Strike and Demurrer:
2 The Court of Appeal expressly held that the plaintiffs could not evade Section 230
3 by framing their claims around a purported duty to “implement reasonable security
4 measures,” id. at 14, and “negligent design” supposedly independent of third-party content,
5 id. at 18. The Court explained that the injuries the plaintiffs claimed to have suffered were
6 “predicated on the harmful content of the scam videos, without which there would likely
7 be no lawsuit,” id. at 17, 19-20 (distinguishing Lemmon v. Snap, Inc., (9th Cir. 2021) 995
8 F.3d 1085), and that no matter that label the plaintiffs used “[u]ltimately, this claim seeks
9 to hold YouTube liable for allowing the scam videos to be shown on the hijacked channels
10 and is predicated on that third-party content,” id. at 18. In so doing, Wozniak rejected the
11 core argument Plaintiffs rely upon in opposing Defendants’ pending Motion to Strike: that
12 Section 230’s applicability is not based on the “cause of the harm suffered by a plaintiff.”
13 Motion to Strike Op. at 11. The Court of Appeal made clear that plaintiffs cannot avoid
14 Section 230 in cases involving injuries caused by the publication of third-party content by
15 asserting that the claims are based on a service provider’s “distinct capacity as product
16 designers.” Wozniack, Slip Op. at 18.
17 Wozniak also explicitly rejected the notion that failure to warn claims are outside
18 Section 230, even where the plaintiffs alleged that “defendants knew about the scam
19 without having to monitor any third-party content,” reasoning that to hold otherwise
20 “would allow essentially every state cause of action otherwise immunized by section 230
21 to be pleaded as a failure to warn of such information published by a defendant.” Wozniak,
22 Slip Op. at 20-21; see Dem. at 25-26; Dem. Reply at 10-11; Mot. to Strike 21 n.6; Mot. to
23 Strike Reply 11–12.
24 In addressing the failure to warn claim, the Court of Appeal rejected a broad
25 reading of Doe v. Internet Brands, 824 F.3d 846 (9th Cir. 2016), similar to what Plaintiffs
26 have advanced here (see Dem. Opp. at 5-6). Contrary to Plaintiffs’ argument that Internet
27 Brands holds failure to warn claims are immune from Section 230 so long as they would
28 not require “removing or editing” third party content, Dem. Op. at 5, Wozniak confirms
-3-
DEFENDANTS’ NOTICE OF SUPPLEMENTAL AUTHORITY
1 that negligent failure to warn claims—like any other cause of action—are barred so long as
2 they “seek to impose liability on defendants resulting from the third-party information they
3 publish on their platform,” Wozniak, Slip Op. at 20-21 (explaining that in Internet Brands
4 the defendant had “fail[ed] to warn about information it had obtained from an outside
5 source about” third parties’ predatory scheme (emphasis added)); see Dem. Reply 11; Mot.
6 to Strike 17.
7 The Court of Appeal rejected the plaintiffs’ argument that “Section 230 does not
8 immunize from claims defendants are recommending scam videos and other activities
9 involving algorithms to knowingly help criminals target vulnerable users.” Wozniak, Slip
10 Op. at. at 21-23. The Court of Appeal instead followed the Ninth Circuit’s decisions in
11 Gonzalez v. Google LLC, 2 F.4th 871 (9th Cir. 2021), vacated on other grounds, 598 U.S.
12 617 (2023), and Dyroff v. Ultimate Software Group, Inc., 934 F.3d 1093 (9th Cir. 2019), to
13 hold that allegations that the development and use of algorithms to recommend “videos to
14 users based on a variety of personal information and data” is within the scope of Section
15 230 immunity. Wozniack, Slip Op. at 24. This supports striking Plaintiffs’ claims and
16 allegations regarding TikTok’s alleged promotion of “challenge videos,” Defendants’
17 alleged “user recommendations,” and other recommendation-based features. See Mot. to
18 Strike at 17-18, 20-21; Mot. To Strike Reply. at 11, 14.
19
20
21
22
23
24
25
26
27
28
-4-
DEFENDANTS’ NOTICE OF SUPPLEMENTAL AUTHORITY
1 Dated: March 18, 2024 WILSON SONSINI GOODRICH & ROSATI
Professional Corporation
2
By: /s/ Christopher C. Chiou
3 Christopher C. Chiou
4 CHRISTOPHER C. CHIOU, SBN 233587
cchiou@wsgr.com
5 MATTHEW K. DONOHUE, SBN 302144
mdonohue@wsgr.com
6 WILSON SONSINI GOODRICH & ROSATI
7 953 E. Third Street, Suite 100
Los Angeles, CA 90013
8 Tel.: 323-210-2900
9 LAUREN GALLO WHITE, SBN 309075
lwhite@wsgr.com
10 WILSON SONSINI GOODRICH & ROSATI
11 One Market Plaza, Spear Tower, Suite 3300
San Francisco, CA 94105
12 Tel.: 415-947-2000
13 BRIAN M. WILLEN, (Pro Hac Vice)
bwillen@wsgr.com
14
WILSON SONSINI GOODRICH & ROSATI
15 1301 Avenue of the Americas, 40th Floor
New York, New York 10019
16 Tel.: 212-999-5800
17 Attorneys for Defendants YouTube, LLC,
Google LLC, Alphabet Inc.
18
19 Dated: March 18, 2024 WILLIAMS & CONNOLLY LLP
20 By: /s/ Joseph G. Petrosinelli
Joseph G. Petrosinelli
21
JOSEPH G. PETROSINELLI (Pro Hac Vice)
22 jpetrosinelli@wc.com
ASHLEY W. HARDIN, (Pro Hac Vice)
23
ahardin@wc.com
24 WILLIAMS & CONNOLLY LLP
680 Maine Avenue, SW
25 Washington, DC 20024
Tel.: 202-434-5000
26
Attorneys for Defendants YouTube, LLC,
27 Google LLC, Alphabet Inc.
28
-5-
DEFENDANTS’ NOTICE OF SUPPLEMENTAL AUTHORITY
1 Dated: March 18, 2024 COVINGTON & BURLING LLP
2 By: /s/ Ashley M. Simonsen
Ashley M. Simonsen
3
ASHLEY M. SIMONSEN, SBN 275203
4 asimonsen@cov.com
COVINGTON & BURLING LLP
5 1999 Avenue of the Stars
Los Angeles, CA 90067
6
Tel.: 424-332-4800
7
EMILY JOHNSON HENN, SBN 269482
8 ehenn@cov.com
COVINGTON & BURLING LLP
9 3000 El Camino Real
5 Palo Alto Square, 10th Floor
10
Palo Alto, CA 94306
11 Tel.: 650-632-4700
12 MARK W. MOSIER, (Pro Hac Vice)
mmosier@cov.com
13 PHYLLIS A. JONES, (Pro Hac Vice
14 Forthcoming)
pajones@cov.com
15 PAUL W. SCHMIDT, (Pro Hac Vice)
pschmidt@cov.com
16 MICHAEL X. IMBROSCIO, (Pro Hac Vice)
mimbroscio@cov.com
17 COVINGTON & BURLING LLP
18 One City Center
850 Tenth Street, NW
19 Washington, DC 20001-4956
Tel.: 202-662-6000
20
Attorneys for Defendants Meta Platforms, Inc.
21 f/k/a Facebook, Inc.; Facebook Holdings, LLC;
Facebook Operations, LLC, Facebook
22 Payments, Inc., Facebook Technologies, LLC,
Instagram, LLC; and Siculus, Inc.
23
24 Dated: March 18, 2024 MUNGER, TOLLES & OLSON LLP
25 By: /s/ Jonathan H. Blavin
Jonathan H. Blavin
26
JONATHAN H. BLAVIN, SBN 230269
27 jonathan.blavin@mto.com
MUNGER, TOLLES & OLSON LLP
28 560 Mission Street, 27th Floor
-6-
DEFENDANTS’ NOTICE OF SUPPLEMENTAL AUTHORITY
1 San Francisco, CA 94105-3089
Tel.: 415-512-4000
2
ROSE L. EHLER, SBN 29652
3
Rose.Ehler@mto.com
4 VICTORIA A. DEGTYAREVA, SBN 284199
Victoria.Degtyareva@mto.com
5 ARIEL T. TESHUVA, SBN 324238
Ariel.Teshuva@mto.com
6 MUNGER, TOLLES & OLSON LLP
350 South Grand Avenue, 50th Floor
7
Los Angeles, CA 90071-3426
8 Tel.: 213-683-9100
9 LAUREN A. BELL, (Pro Hac Vice)
Lauren.Bell@mto.com
10 MUNGER, TOLLES & OLSON LLP
11 601 Massachusetts Ave., NW St.
Suite 500 E
12 Washington, D.C. 20001-5369
Tel.: 202-220-1100
13
Attorneys for Defendant Snap Inc.
14
Dated: March 18, 2024 KING & SPALDING LLP
15
By: /s/ Matthew J. Blaschke
16 Matthew J. Blaschke
17 MATTHEW J. BLASCHKE, SBN 281938
mblaschke@kslaw.com
18 BAILEY J. LANGNER, SBN 307753
blangner@kslaw.com
19 KING & SPALDING LLP
50 California Street, Suite 3300
20 San Francisco, CA 9411l
Tel.: 415-318-1200
21
ALBERT Q. GIANG, SBN 224332
22 agiang@kslaw.com
KING & SPALDING LLP
23 633 West Fifth Street, Suite 1600
Los Angeles, CA 90071
24 Tel.: 213-443-4310
25 GEOFFREY DRAKE (Pro Hac Vice)
gdrake@kslaw.com
26 KING & SPALDING LLP
1180 Peachtree Street, NE, Suite 1600
27 Atlanta, GA 30309
Tel.: 404-572-4600
28
-7-
DEFENDANTS’ NOTICE OF SUPPLEMENTAL AUTHORITY
1 Attorneys for Defendants TikTok Inc. and
ByteDance Inc.
2
3 Dated: March 18, 2024 FAEGRE DRINKER BIDDLE & REATH
LLP
4
By: /s/ Tarifa B. Laddon
5 Tarifa B. Laddon
6 TARIFA B. LADDON, SBN 240419
tarifa.laddon@faegredrinker.com
7 DAVID P. KOLLER, SBN 328633
david.koller@faegredrinker.com
8
FAEGRE DRINKER BIDDLE & REATH LLP
9 1800 Century Park East, Suite 1500
Los Angeles, CA 90067
10 Tel.: 310-203-4000
11 ANDREA R. PIERSON, (Pro Hac Vice)
andrea.pierson@faegredrinker.com
12 FAEGRE DRINKER BIDDLE & REATH LLP
13 300 N. Meridian Street, Suite 2500
Indianapolis, IN 46204
14 Tel: 317-237-1424
15 Attorneys for Defendants TikTok Inc. and
ByteDance Inc.
16
17
18
19
20
21
22
23
24
25
26
27
28
-8-
DEFENDANTS’ NOTICE OF SUPPLEMENTAL AUTHORITY
1 PROOF OF SERVICE
2 I, Deborah Grubbs, declare:
3 I am employed in Santa Clara County, State of California. I am over the age of 18 years
4 and not a party to the within action. My business address is Wilson Sonsini Goodrich & Rosati,
5 650 Page Mill Road, Palo Alto, California 94304-1050.
6 On this date, I served:
7 1. DEFENDANTS’ NOTICE OF SUPPLEMENTAL AUTHORITY
8 ☒ By forwarding the document(s) by electronic transmission via Case Anywhere in
accordance with the Court’s Authorized Electronic Service requiring all
9 documents to be served upon interested parties via the Case Anywhere System
10 I am readily familiar with Wilson Sonsini Goodrich & Rosati’s practice for collection and
11 processing of documents for delivery according to instructions indicated above. In the ordinary
12 course of business, documents would be handled accordingly.
13 I declare under penalty of perjury under the laws of the State of California that the
14 foregoing is true and correct. Executed at San Mateo, California on March 18, 2024.
15
16
Deborah Grubbs
17
18
19
20
21
22
23
24
25
26
27
28
-1-
PROOF OF SERVICE
Exhibit A
Filed 3/15/2024
CERTIFIED FOR PUBLICATION
IN THE COURT OF APPEAL OF THE STATE OF CALIFORNIA
SIXTH APPELLATE DISTRICT
STEVE WOZNIAK et al., H050042
(Santa Clara County
Plaintiffs and Appellants, Super. Ct. No. 20CV370338)
v.
YOUTUBE, LLC et al.,
Defendants and Respondents.
This lawsuit stems from a common cryptocurrency scam perpetrated on YouTube:
popular channels are hijacked to show fake videos depicting a tech celebrity hosting a
live event, during which anyone who sends cryptocurrency to a specified account will
receive twice as much in return. Users who send their cryptocurrency in response
actually receive nothing in return.
Plaintiffs are Steve Wozniak—whose YouTube channel was among those
hijacked—and 17 individuals who fell victim to the scam and lost varying amounts of
cryptocurrency. They sued YouTube and Google (defendants), asserting nine causes of
action alleging that defendants have been knowingly hosting, promoting, and profiting
from the scam for years.
The trial court sustained defendants’ demurrer on the ground that plaintiffs’ claims
are barred by the Communications Decency Act of 1996, 47 U.S.C. § 230 (section 230),
which generally provides immunity to interactive computer services that a plaintiff seeks
to treat as a publisher or speaker of information provided by another content provider.
On appeal, plaintiffs argue their claims are not subject to section 230 immunity
because they do not seek to treat defendants as a publisher or speaker of third-party
content, but instead seek to hold them liable for engaging in actions they knew would
further criminal activity, thereby materially contributing to its illegality.
We hold that most of plaintiffs’ claims seek to treat defendants as a publisher or
speaker of third-party content and are therefore precluded by section 230. However, we
also conclude that one of plaintiffs’ claims—that defendants created their own content
and materially contributed to the unlawfulness of the scam by providing verification
badges to hijacked YouTube channels—includes allegations which potentially could fall
outside the scope of section 230 immunity. As currently pleaded, though, we are unable
to conclude that those allegations save any of plaintiffs’ causes of action.
Nevertheless, because there is a reasonable possibility plaintiffs could cure the
defects, we also conclude the trial court abused its discretion in not granting leave to
amend the claims related to verification badges. Accordingly, we reverse and remand for
further proceedings.
I. FACTUAL AND PROCEDURAL BACKGROUND 1
A. YouTube cryptocurrency scams
YouTube, LLC (YouTube) is a video-sharing service that enables its users to
view, post, and comment on video content hosted on its platform. 2 Users can create their
own YouTube channels, thereby making it easy for other users to find a creator’s content
in one place and be notified when new content is uploaded. The most popular YouTube
channels have millions of subscribers.
1
“We derive our facts from those properly pleaded in the complaint and matters
properly judicially noticed. [Citations.] We take as true properly pleaded material facts
alleged in the pleadings, disregarding contentions, deductions, and conclusions of fact or
law. [Citation.]” (County of Santa Clara v. Superior Court (2023) 87 Cal.App.5th 347,
355, fn. 2.)
2
YouTube is a wholly owned and controlled subsidiary of defendant Google, LLC
(Google).
2
User-personalized video recommendations appear when a user first opens the
YouTube website or mobile app, and then automatically play after a video ends.
YouTube utilizes an algorithm that recommends videos to users based on their personal
information and data that YouTube and Google have collected, including clicks, watch
time, likes and dislikes, comments, and upload frequency.
According to plaintiffs, YouTube’s lax security practices over the years have led
to a steady stream of security breaches through which popular YouTube channels are
hijacked and taken over by criminals who then use the channels to perpetrate a scam that
has defrauded YouTube users of millions of dollars. YouTube has not only knowingly
allowed the security breaches and scams, it has also affirmatively promoted and profited
from them.
The scam generally operates as follows. First, scammers will breach YouTube’s
security to unlawfully gain access to verified and popular YouTube channels with tens or
hundreds of thousands of subscribers. The scammers then transfer ownership or control
of the channel to themselves or a co-conspirator, rename the channel to impersonate tech
celebrities or companies, and delete the channel’s pre-existing content.
Next, they upload and play scam videos they have created using pre-existing
images and videos of famous tech entrepreneurs such as plaintiff Wozniak, Bill Gates or
Elon Musk speaking at a cryptocurrency or technology conference, which is intended to
deceive YouTube users into believing that the celebrity is hosting a live “bitcoin
giveaway” event. 3 Plaintiffs allege that Wozniak, who co-founded Apple Computer in
the 1970s, is a “Silicon Valley icon,” who has “engaged in many entrepreneurial and
philanthropic ventures” and is a “widely known, recognized, and beloved public figure.”
3
“Bitcoin is among the world’s most well-known digital currencies….” (Archer
v. Coinbase, Inc. (2020) 53 Cal.App.5th 266, 269.) “A digital currency (also known as
‘cryptocurrency’) is a type of currency maintained by a decentralized network of
participants’ computers, rather than a centralized government or organization.” (Ibid.)
3
The scam video is surrounded with images and text stating that, for a limited time,
anyone who sends bitcoin to a specified account, via a QR code included in the video,
will receive twice as much in return. The images and text often include trademarks, such
as the Apple logo, and a link to a fraudulent web address that incorporates the particular
tech entrepreneur’s name. However, after the users transfer their cryptocurrency in an
irreversible transaction, they receive nothing in return and the scam is complete.
The scam has existed on YouTube since at least October 2018 and has been
replicated many times in substantially the same form. In the process, millions of people
have viewed the scam videos, resulting in the loss of millions of dollars of bitcoin and
other cryptocurrencies. Specific to this lawsuit, unnamed third parties have perpetrated
the scam since at least May 8, 2020, using Wozniak’s name and likeness and thereby
stealing hundreds of thousands of dollars worth of bitcoin and similar cryptocurrencies
from the 17 other named plaintiffs. The scam has continued through the date plaintiffs
filed the initial complaint in this action.
According to plaintiffs, defendants have known about the scam, yet have allowed
it to continue. In many instances, YouTube knew specific channels had been hijacked
but failed to remove or suspend the pre-existing verification badges appearing on those
channels. In at least one instance, YouTube issued a verification badge to a channel
while it was perpetrating the scam. YouTube has allowed the scam to continue, despite
its own stated policies that it does not allow scams or other deceptive practices that take
advantage of the YouTube community.
Defendants have both the human and technological capabilities to implement
reasonable security measures that would prevent hijacking of popular channels and
quickly detect and remove scam videos. Despite having the means to stop or limit the
proliferation of the scam, defendants have declined to do so.
According to plaintiffs, beyond merely allowing it to continue, defendants have
actively promoted and profited from the scam. For instance, YouTube has promoted the
4
scam videos in plaintiffs’ and other users’ home page video recommendations, in their
“up-next” videos which often begin playing automatically upon the conclusion of the
previous video, and in the list of recommended videos shown while one video is playing.
YouTube’s algorithm targets the scam videos directly at plaintiffs because the personal
information and data that defendants have collected about them—such as clicks, watch
time, likes and dislikes, comments, upload frequency, emails sent and received, saved
photos and videos, documents and spreadsheets created, YouTube video comments, and
other behavior through their apps, browsers, and devices—indicated they were interested
in cryptocurrency.
YouTube also issues verification badges to certify to its users that a verified
channel has been vetted and is trustworthy. According to plaintiffs, in issuing a
verification badge, YouTube is communicating that an account is “the official channel of
a creator, artist, company or public figure” and therefore can be trusted. YouTube has
maintained verification badges on channels it knew had been hijacked.
Plaintiffs allege YouTube has also negligently designed its video metrics and other
public-facing features of its platform to permit the scammers to falsely represent that
large numbers of viewers have “liked” and viewed the videos when they have not. The
scammers use bots and other tools to falsely inflate the number of likes, views, and those
currently watching, to make the videos appear authentic and more legitimate. Similarly,
YouTube enables the scammers to falsely represent that an event is live when it is not.
Lastly, defendants sold the scammers paid advertising space that targeted users
based on their browsing history and other personal information defendants have collected
and analyzed, which indicates an interest in cryptocurrency. According to plaintiffs,
despite knowing about the cryptocurrency scams, defendants have continued to sell
scammers “all the targeted scam ads that they are willing to buy,” and have delivered
those ads directly to plaintiffs and other users likely to be interested in the scam video
5
content. YouTube has continued selling these targeted advertisements to the scammers,
notwithstanding its own stated polices that it verifies the identity of its advertisers.
B. Initial complaints and first demurrer
Plaintiffs filed the initial complaint in this action in San Mateo County Superior
Court on July 21, 2020, naming YouTube and Google as defendants. 4 The matter was
transferred to Santa Clara County Superior Court, which issued an order deeming the
case complex and staying all discovery. On February 16, 2021, plaintiffs filed the first
amended complaint (FAC). The FAC alleged causes of action for misappropriation of
likeness—brought by Wozniak only—fraud and misrepresentation, aiding and abetting
fraud, unfair business practices, negligence, negligent failure to warn, and injunctive
relief.
Defendants filed a demurrer to the FAC on April 5, 2021. They argued that
plaintiffs’ claims are precluded by section 230, which was enacted to protect websites
against liability for the failure to remove offensive content. According to defendants,
plaintiffs were not contending that YouTube actually perpetrated the scam or created any
of its content; instead, they sought to hold YouTube liable for not acting more
aggressively to monitor, block and remove the material the third parties posted, or for
providing neutral tools to its users that the third parties used to perpetrate the scam.
Under section 230, they argued, lawsuits “ ‘ “seeking to hold a service provider liable for
its exercise of a publisher’s traditional editorial functions—such as deciding whether to
publish, withdraw, postpone or alter content—are barred,” ’ ” citing Murphy v. Twitter
(2021) 60 Cal.App.5th 12, 26 (Murphy).
Plaintiffs include Wozniak, and the following individuals who claim to have
4
been harmed by the cryptocurrency scam on YouTube: Alex Naray, James Denitto,
Bernardo Garcia, Alexander Geisler, Asa Jacques, Zhenyu Li, Jin Liu, Anthony Martinez,
Harivarmah Nagalinggam, Paul Newman, Myrielle Philistin, Dario Lopez Portilla, Eric
Restrepo, Raul Moreño Romero, David Schrader, Luke Thomas and Lung Hung Yang.
In this opinion, the term “plaintiffs” refers to all 18 plaintiffs; we refer to the non-
Wozniak plaintiffs as the “bitcoin plaintiffs” where necessary to distinguish.
6
They also argued that, even apart from section 230 immunity, plaintiffs had failed
to state a viable cause of action. According to defendants, the law does not recognize a
theory of secondary liability for misappropriation of likeness and there is no plausible
allegation that YouTube itself actually used Wozniak’s likeness. In addition, they
argued, plaintiffs cannot establish that YouTube owed them a special duty of care
because they did not allege YouTube itself engaged in the allegedly unlawful conduct
necessary for each claim.
The trial court sustained the demurrer on section 230 immunity grounds but
granted plaintiffs leave to amend.
C. Discovery stay
Prior to filing their second amended complaint, plaintiffs moved to lift the
discovery stay. They argued that the critical factual dispute in the case is the extent of
defendants’ involvement in creating and contributing to the scam videos and
advertisements driving the scams. According to plaintiffs, they were entitled to obtain
critical facts in defendants’ sole possession to more fully support their allegations, and
“[p]laintiffs’ inability to do so in this case has and continues to severely prejudice their
ability to have their grievance fairly and fully heard by the Superior Court.”
Defendants opposed the motion, arguing that section 230 provides broad immunity
that warrants staying discovery. They contended that courts have consistently stayed
discovery when defendants have brought a case-dispositive section 230 defense, and that
plaintiffs have not cited any authority involving a section 230 case where a discovery stay
has been lifted to allow a party “to conduct intrusive discovery in the face of a broad
immunity that the court has already held bars the claims at issue.”
The trial court denied plaintiffs’ motion. It relied on the “significant public
interest” in section 230 to protect websites from ultimate liability and from having to
fight costly and protracted legal battles, and on the importance of resolving immunity
questions at the earliest possible stage in litigation to avoid unnecessary discovery and
7
other burdens. The court noted that “federal courts routinely stay discovery in cases
apparently subject to Section 230 until the complaint is deemed adequate to avoid
[section 230] immunity.” According to the court, plaintiffs’ “vague contentions” that
discovery is necessary fail to explain sufficiently “what sort of facts they believe
discovery would reveal that would change the section 230 analysis….” The court added
that plaintiffs “might be able to do that in the future, but haven’t done that yet.”
D. Second amended complaint, demurrer, and motion to lift discovery stay
Plaintiffs filed the operative second amended complaint on September 9, 2021
(SAC). The SAC sets forth the allegations summarized above in the factual background,
and asserts nine causes of action: (1) misappropriation of likeness, brought by Wozniak
only; (2) fraud and misrepresentation; (3) aiding and abetting fraud; (4) unfair business
practices; (5) negligence; (6) negligent design; (7) negligent failure to warn; (8) breach of
implied contract; and (9) promissory estoppel.
At the same time they filed the SAC, plaintiffs submitted a renewed motion to lift
the discovery stay. They restated their previous arguments that they were entitled to
discovery on their initial causes of action, and argued they were also entitled to discovery
on their new theories of liability because they did not implicate section 230 immunity.
According to plaintiffs, those new theories included: (1) negligent security resulting in
the regular hijacking of YouTube channels; (2) negligent design of YouTube video
metrics, channel information, and security features; (3) wrongful disclosure of plaintiffs’
personal information to scammers, including information indicating plaintiffs’ interest in
cryptocurrency; (4) promissory estoppel arising from defendants’ promises about
providing excellent security, scam protection, accurate video metrics and channel
information, and responsible use of its users’ personal information; and (5) negligent
failure to warn plaintiffs about each of the foregoing. Plaintiffs contended that section
230 does not apply to those claims because they do not seek to impose liability on
8
defendants for their conduct as a publisher or speaker, so the discovery stay should be
lifted.
Defendants demurred to the SAC as well, presenting the same general arguments
set forth in the initial demurrer, including as to the new causes of action. Defendants also
opposed the renewed motion to lift the discovery stay on the same grounds.
E. Trial court ruling
The trial court sustained the demurrer to the SAC and denied the renewed motion
to lift the discovery stay. It first addressed plaintiffs’ allegations, re-stated from the FAC,
that defendants had materially contributed to the illegal scam by actively promoting the
videos, selling targeted ads, falsely verifying the channels, and providing false and
misleading information to promote the videos. The court held that these actions
constituted “neutral tools” and, under existing precedent, plaintiffs cannot plead around
section 230 immunity by framing such neutral website features as content. “In sum,” the
court stated, “all of Plaintiffs’ claims seek to hold Defendants liable as the publisher of
content created by others, and not for Defendants’ own content that ‘contributes
materially to the alleged illegality of’ the scams at issue here.”
The court then addressed the new facts and theories alleged in the SAC,
specifically security- or design-related claims and contract-related causes of action. With
respect to the former, the court concluded that the theories of liability still depend on
third-party content, without which no liability could exist. With respect to the latter, the
court held that, while styled as claims for breach of contract and negligent
misrepresentation, in reality they treat defendants as publishers and seek to hold them
liable for third-party conduct, thereby coming within the scope of section 230 immunity.
The court did not address defendants’ alternative arguments that, independent of
section 230, the causes of action failed to state sufficient claims for relief.
The court sustained the demurrer without leave to amend because plaintiffs had
not explained how they could amend the SAC to avoid section 230 immunity, and the
9
court could not discern any such reasonable possibility. The order was entered on
January 26, 2022.
A judgment of dismissal (judgment) was entered on May 4, 2022.
Plaintiffs timely appealed.
II. DISCUSSION
Plaintiffs argue on appeal that (1) section 230 does not apply to the conduct
alleged in this case, which seeks to hold defendants liable for choosing to engage in
actions they knew would further entirely criminal activity, and (2) the trial court abused
its discretion in imposing a blanket stay of all discovery and repeatedly refusing to lift the
stay.
Defendants argue that (1) plaintiffs’ claims seek to impose liability for harm
caused by third-party videos hosted on YouTube, which section 230 precludes; (2) even
if section 230 does not apply, plaintiffs have still failed to state viable claims because
they improperly attempt to impose vicarious liability for harms caused by unrelated third
parties; and (3) the trial court properly exercised its discretion in imposing limits on
discovery.
We address these arguments in turn below.
A. Section 230 immunity
1. Applicable law and standard of review
“When reviewing a ruling on a demurrer, we examine de novo whether the
complaint alleges facts sufficient to state a cause of action.” (Liapes v. Facebook (2023)
95 Cal.App.5th 910, 919 (Liapes), citing Regents of University of California v. Superior
Court (2013) 220 Cal.App.4th 549, 558 (Regents).) “ ‘We assume the truth of the
properly pleaded factual allegations, [and] facts that reasonably can be inferred from
those expressly pleaded.’ [Citation.] But we do not assume the truth of ‘contentions,
deductions, or conclusions of law.’ ” (Liapes, supra, at p. 919, quoting Stearn v. County
of San Bernardino (2009) 170 Cal.App.4th 434, 440.)
10
“We liberally construe the complaint ‘with a view to substantial justice between
the parties,’ drawing ‘all reasonable inferences in favor of the asserted claims.’ ”
(Liapes, supra, 95 Cal.App.5th at p. 919, quoting Regents, supra, 220 Cal.App.4th at p.
558.) “The plaintiff must demonstrate the court erroneously sustained the demurrer and
‘must show the complaint alleges facts sufficient to establish every element of each cause
of action.’ ” (Liapes, supra, at p. 919, quoting Rakestraw v. California Physicians’
Service (2000) 81 Cal.App.4th 39, 43.)
When a demurrer is sustained without leave to amend, “we decide whether there is
a reasonable possibility that the defect can be cured by amendment: if it can be, the trial
court has abused its discretion and we reverse; if not, there has been no abuse of
discretion and we affirm. [Citations.] The burden of proving such reasonable possibility
is squarely on the plaintiff.” (Blank v. Kirwan (1985) 39 Cal.3d 311, 318 (Blank).) In the
context of a demurrer on section 230 grounds, “when a plaintiff cannot allege enough
facts to overcome Section 230 immunity, a plaintiff’s claims should be dismissed.”
(Dyroff v. Ultimate Software Group, Inc. (9th Cir. 2019) 934 F.3d 1093, 1097 (Dyroff).) 5
Section 230 “ ‘immunizes providers of interactive computer services against
liability arising from content created by third parties.’ ” (Liapes, supra, 95 Cal.App.5th
at p. 928, quoting Fair Housing Council of San Fernando Valley v. Roommates.com, LLC
(9th Cir. 2008) 521 F.3d 1157, 1162, fn. omitted (Roommates).) “Congress enacted
section 230 ‘for two basic policy reasons: to promote the free exchange of information
and ideas over the internet and to encourage voluntary monitoring for offensive and
5
Although federal precedents interpreting section 230 are not binding upon this
court, “where the decisions of the federal courts on a federal question are ‘ “ ‘both
numerous and consistent,’ ” ’ we should hesitate to reject their authority [citation].” (Doe
II v. MySpace, Inc. (2009) 175 Cal.App.4th 561, 571, quoting Barrett v. Rosenthal (2006)
40 Cal.4th 33, 58 (Barrett); Etcheverry v. Tri–Ag Service, Inc. (2000) 22 Cal.4th 316,
320–321 [“While we are not bound by decisions of the lower federal courts, even on
federal questions, they are persuasive and entitled to great weight.”].)
11
obscene material.’ ” (Hassell v. Bird (2018) 5 Cal.5th 522, 534 (Hassell), quoting
Carafano v. Metrosplash.com, Inc. (9th Cir. 2003) 339 F.3d 1119, 1122.)
Section 230, subdivision (c)(1) states: “No provider or user of an interactive
computer service shall be treated as the publisher or speaker of any information provided
by another information content provider.” Section 230, subdivision (e)(3) provides: “No
cause of action may be brought, and no liability may be imposed under any State or local
law that is inconsistent with this section.”
An “interactive computer service” is defined in the statute as “any information
service, system, or access software provider that provides or enables computer access by
multiple users to a computer server, including specifically a service or system that
provides access to the Internet and such systems operated or services offered by libraries
or educational institutions.” (§ 230, subd. (f)(2).) The statute also defines “information
content provider” as “any person or entity that is responsible, in whole or in part, for the
creation or development of information provided through the Internet or any other
interactive computer service.” (§ 230, subd. (f)(3).)
Read together, these two provisions “ ‘protect from liability (1) a provider or user
of an interactive computer service (2) whom a plaintiff seeks to treat, under a state law
cause of action, as a publisher or speaker (3) of information provided by another
information content provider.’ ” (Murphy, supra, 60 Cal.App.5th at p. 24, quoting
Barnes v. Yahoo!, Inc. (9th Cir. 2009) 570 F.3d 1096, 1100–1101, fn. omitted (Barnes).) 6
The California Supreme Court has explained that these provisions “convey[] an
intent to shield Internet intermediaries from the burdens associated with defending
against state law claims that treat them as the publisher or speaker of third party content.”
(Hassell, supra, 5 Cal.5th at p. 544; see also Barrett, supra, 40 Cal.4th 33, 39 [section
230, subdivisions (c)(1) and (e)(3) “have been widely and consistently interpreted to
6
The parties agree that YouTube is an interactive computer service—accordingly,
our discussion below focuses only on the second and third elements.
12
confer broad immunity against defamation liability for those who use the Internet to
publish information that originated from another source”].)
“Accordingly, section 230 protects an interactive computer service provider’s
curation of content on its platform from ‘ “ ‘claims that would place a computer service
provider in a publisher’s role. Thus, lawsuits seeking to hold a service provider liable for
its exercise of a publisher’s traditional editorial functions—such as deciding whether to
publish, withdraw, postpone or alter content—are barred.’ ” ’ (Prager University v.
Google, LLC (2022) 85 Cal.App.5th 1022, 1032 (Prager), quoting Barrett, supra, 40
Cal.4th at p. 43.)
Notwithstanding that broad construction of section 230, “an interactive computer
service provider only has immunity if it is not also the information content provider —
that is, someone ‘responsible, in whole or in part, for the creation or development’ of the
content at issue.” (Liapes, supra, 95 Cal.App.5th at p. 928, citing § 230, subd. (f)(3),
Roommates, supra, 521 F.3d at p. 1162.) “Passively displaying content ‘created entirely
by third parties’ renders the operator only a service provider ‘with respect to that
content.’ (Roommates, at p. 1162.) ‘But as to content that it creates itself, or is
“responsible, in whole or in part” for creating or developing, the website is also a content
provider.’ [Citation.] ‘Thus, a website may be immune from liability for some of the
content it displays to the public but be subject to liability for other content.’ ” (Liapes,
supra, 95 Cal.App.5th at p. 928.)
A website creates or develops content “by making a material contribution to [its]
creation or development.” (Kimzey v. Yelp, Inc. (9th Cir. 2016) 836 F.3d 1263, 1269
(Kimzey).) A “material contribution” does not refer to “merely . . . augmenting the
content generally, but to materially contributing to its alleged unlawfulness.”
(Roommates, supra, 521 F.3d at pp. 1167-1168.)
13
2. Analysis
In their briefs on appeal, plaintiffs group their claims into