Full opinion text
OPINION AND ORDER BUCHWALD, District Judge. Plaintiffs bring this class action on behalf of themselves and all others similarly situated against defendant Doubleclick, Inc. (“defendant” or “Doubleclick”) seeking injunctive and monetary relief for injuries they have suffered as a result of DoubleClick’s purported illegal conduct. Specifically, plaintiffs bring three claims under federal laws: (1) 18 U.S.C. § 2701, et seq.; (2) 18 U.S.C. § 2510, et seq.; (3) 18 U.S.C. § 1030, et seq.; and four claims under state laws: (1) common law invasion of privacy; (2) common law unjust enrichment; (3) common law trespass to property; and (4) Sections 349(a) and 350 of Article 22A of the New York General Business Law. Now pending is DoubleClick’s motion, pursuant to Fed.R.Civ.P. 12(b)(6), to dismiss Claims I, II and III of the Amended Complaint for failure to state a claim on which relief can be granted. For the reasons discussed below, DoubleClick’s motion is granted and the Amended Complaint is dismissed with prejudice. PROCEDURAL HISTORY This case is a multidistrict consolidated class action. The initial complaint was filed in this Court on January 31, 2000. On May 10, 2000, this Court consolidated the set of related federal class actions against Doubleclick in the Southern and Eastern Districts of New York pursuant to Rule 42(a) of the Fed.R.Civ.P. and Local Rule 1.6 of the Southern and Eastern Districts of New York. The consolidated class filed its Amended Complaint on May 26, 2000. Later, pursuant to 28 U.S.C. § 1407(a), the Judicial Panel on Multidis-trict Litigation transferred two cases to this Court for pretrial proceedings: Steinbeck v. DoubleClick, 00 Civ. 5705, C.A, N.O. 8:00-98 (C.D.Cal) on July 31, 2000 and Freedman v. Doubleclick, 00 Civ. 7194, 2:00-1559 (E.D.La) on September 22, 2000. BACKGROUND Doubleclick, a Delaware corporation, is the largest provider of Internet advertising products and services in the world. Its Internet-based advertising network of over 11,000 Web publishers has enabled Doubleclick to become the market leader in delivering online advertising. Double-Click specializes in collecting, compiling and analyzing information about Internet users through proprietary technologies and techniques, and using it to target online advertising. Doubleclick has placed billions of advertisements on its clients’ behalf and its services reach the majority of Internet users in the United States. THE INTERNET Although a comprehensive description of the Internet is unnecessary to address the issues raised in this motion, a rudimentary grasp of its architecture and engineering is important. The Internet is accurately described as a “network of networks.” Computer networks are interconnected individual computers that share information. Anytime two or more computer networks connect, they form an “internet.” The “Internet” is a shorthand name for the vast collection of interconnected computer networks that evolved from the Advanced Research Projects Agency Network (“AR-PANet”) developed by the United States Defense Department in the 1960’s and 1970’s. Today, the Internet spans the globe and connects hundreds of thousands of independent networks. The World Wide Web (“the Web” or “WWW”) is often mistakenly referred to as the Internet. However, the two are quite different. The Internet is the physical infrastructure of the online world: the servers, computers, fiber-optic cables and routers through which data is shared online. The Web is data: a vast collection of documents containing text, visual images, audio clips and other information media that is accessed through the Internet. Computers known as “servers” store these documents and make them available over the Internet through “TCP/IP” (Transmission Control Protocol/Internet Protocol), a set of standard operating and transmission protocols that structure the Web’s operation. Every document has a unique “URL” (Universal Resource Locator) that identifies its physical location in the Internet’s infrastructure. Users access documents by sending request messages to the servers that store the documents. When a server receives a user’s request (for example, for Lycos.com’s home page), it prepares the document and then transmits the information back to the user. The Internet utilizes a technology called “packet switching” to carry data. Packet switching works as follows. The computer wishing to send a document (“originating computer”), such as a music file or digital image, cuts the document up into many small “packets” of information. Each packet contains the Internet Protocol (“IP”) address of the destination Web site, a small portion of data from the original document, and an indication of the data’s place in the original document. The originating computer then sends all of the packets through its local network to an external “router.” A router is a device that contains continuously-updated directories of Internet addresses called “routing tables.” The router takes each packet from the original document and sends it to the next available router in the direction of the destination Web site. Because each router is connected to many other routers and because the connection between any two given routers may be congested with traffic at a given moment, packets from the same document are often sent to different routers. Each of these routers, in turn, repeats this process, forwarding each packet it receives to the next available router in the direction of the destination Web site. Collectively, this process is called “dynamic routing.” The result is that packets of information from the originating computer may take entirely different routes over the Internet (i.e., traveling over different routers and cables) to their ultimate destination. Obviously, the packets arrive out of their original order because some have been forced to take much longer or slower routes between the originating and destination computers. However, because each packet contains code that identifies its place in the original document, the destination computer is able to reassemble the original document from the disorganized packets. At that point, the destination computer sends a message back to the originating computer either reporting that it received the full message, or requesting that the originating computer re-send any packets that never arrived. This entire process typically occurs in a matter of seconds. Packet-switching technology and dynamic routing have helped to give the Internet’s infrastructure its extraordinary efficiency and resiliency. DOUBLECLICK’S TECHNOLOGY AND SERVICES Doubleclick provides the Internet’s largest advertising service. Commercial Web sites often rent-out online advertising “space” to other Web sites. In the simplest type of arrangement, the host Web site (e.g., Lycos.com) rents space on its webpages to another Web site (e.g., The-Globe.com) to place a “hotlink” banner advertisement (“banner advertisement”). When a user on the host Web site “clicks” on the banner advertisement, he is automatically connected to the advertiser’s designated Web site. Doubleclick acts as an intermediary between host Web sites and Web sites seeking to place banner advertisements. It promises client Web sites that it will place their banner advertisements in front of viewers who match their demographic target. For example, Doubleclick might try to place banner advertisements for a Web site that sells golfclubs in front of high-income people who follow golf and have a track record of making expensive online purchases. Doubleclick creates value for its customers in large part by building detailed profiles of Internet users and using them to target clients’ advertisements. Doubleclick compiles user profiles utilizing its proprietary technologies and analy-ses in cooperation with its affiliated Web sites. Doubleclick is affiliated with over 11,000 Web sites for which and on which it provides targeted banner advertisements. A select group of over 1,500 of these Web sites form the “Doubleclick Network” and are among “the most highly trafficked and branded sites on the Web.” In addition, Doubleclick owns and operates two Web sites through which it also collects user data: (1) the Internet Address Finder (“IAF”); and (2) NetDeals.com. When users visit any of these Double-Click-affiliated Web sites, a “cookie” is placed on their hard drives. Cookies are computer programs commonly used by Web sites to store useful information such as usernames, passwords, and preferences, making it easier for users to access Web pages in an efficient manner. However, Plaintiffs allege that DoubleClick’s cookies collect “information that Web users, including plaintiffs and the Class, consider to be personal and private, such as names, email addresses, home and business addresses, telephone numbers, searches performed on the Internet, Web pages or sites visited on the Internet and other communications and information that users would not ordinarily expect advertisers to be able to collect.” Amended Complaint at ¶ 38. DoubleClick’s cookies store this personal information on users’ hard drives until Doubleclick electronically accesses the cookies and uploads the data. How Doubleclick targets banner advertisements and utilizes cookies to collect user information is crucial to our analysis under the three statutes. Therefore, we examine both processes in greater detail. A. Targeting Banner Advertisements DoubleClick’s advertising targeting process involves three participants and four steps. The three participants are: (1) the user; (2) the DoubleClick-affiliated Web site; (3) the Doubleclick server. For the purposes of this discussion, we assume that a Doubleclick cookie already sits on the user’s computer with the identification number “# 0001.” In Step One, a user seeks to access a DoubleClick-affiliated Web site such as Lycos.com. The user’s browser sends a communication to Lycos.com (technically, to Lycos.com’s server) saying, in essence, “Send me your homepage.” U.S. Patent No. 5,948,061 (issued September 7, 1999) (“Doubleclick Patent”), col. 3,11. 6-9. This communication may contain data submitted as part of the request, such as a query string or field information. In Step Two, Lycos.com receives the request, processes it, and returns a communication to the user saying “Here is the Web page you requested.” The communication has two parts. The first part is a copy of the Lycos.com homepage, essentially the collection article summaries, pictures and hotlinks a user sees on his screen when Lycos.com appears. The only objects missing are the banner advertisements; in their places lie blank spaces. Id. at col. 3,11. 28-34. The second part of the communication is an IP-address link to the Doubleclick server. Id. at col. 3, 11. 35-38. This link instructs the user’s computer to send a communication automatically to DoubleClick’s server. In Step Three, as per the IP-address instruction, the user’s computer sends a communication to the Doubleclick server saying “I am cookie # 0001, send me banner advertisements to fill the blank spaces in the Lycos.com Web page.” This communication contains information including the cookie identification number, the name of the DoubleClick-affiliated Web site the user requested, and the user’s browser-type. Id. at col. 3,11. 41-52. Finally, in Step Four, the Doubleclick server identifies the user’s profile by the cookie identification number and runs a complex set of algorithms based, in part, on the user’s profile, to determine which advertisements it will present to the user. Id. at col. 3,11. 52-57, col. 5,1. 11 — col. 6,1. 59. It then sends a communication to the user with banner advertisements saying “Here are the targeted banner advertisements for the Lyeos.com homepage.” Meanwhile, it also updates the user’s profile with the information from the request. Id. at col. 6,1. 60 — col. 7,1. 14. DoubleClick’s targeted advertising process is invisible to the user. His experience consists simply of requesting the Ly-cos.com homepage and, several moments later, receiving it complete with banner advertisements. B. Cookie Information Collection DoubleClick’s cookies only collect information from one step of the above process: Step One. The cookies capture certain parts of the communications that users send to DoubleClick-affiliated Web sites. They collect this information in three ways: (1) “GET” submissions, (2) “POST” submissions, and (3) “GIF” submissions. GET information is submitted as part of a Web site’s address or “URL,” in what is known as a “query string.” For example, a request for a hypothetical online record store’s selection of Bon Jovi albums might read: http://recordstore. hypothetical, com/ search?terms=bonjovi. The URL query string begins with the “?” character meaning the cookie would record that the user requested information about Bon Jovi. Users submit POST information when they fill-in multiple blank fields on a web-page. For example, if a user signed-up for an online discussion group, he might have to fill-in fields with his name, address, email address, phone number and discussion group alias. The cookie would capture this submitted POST information. Finally, Doubleclick places GIF tags on its affiliated Web sites. GIF tags are the size of a single pixel and are invisible to users. Unseen, they record the users’ movements throughout the affiliated Web site, enabling Doubleclick to learn what information the user sought and viewed. Although the information collected by DoubleClick’s cookies is allegedly voluminous and detailed, it is important to note three clearly defined parameters. First, DoubleClick’s cookies only collect information concerning users’ activities on Double-Click-affiliated Web sites. Thus, if a user visits an unaffiliated Web site, the Doubleclick cookie captures no information. Second, plaintiff does not allege that Doubleclick ever attempted to collect any information other than the GET, POST, and GIF information submitted by users. Doubleclick is never alleged to have accessed files, programs or other information on users’ hard drives. Third, Doubleclick will not collect information from any user who takes simple steps to prevent Double-Click’s tracking. As plaintiffs’ counsel demonstrated at oral argument, users can easily and at no cost prevent Doubleclick from collecting information from them. They may do this in two ways: (1) visiting the Doubleclick Web site and requesting an “opt-out” cookie; and (2) configuring their browsers to block any cookies from being deposited. Transcript of February 22, 2001 Oral Argument at 15-18. Once Doubleclick collects information from the cookies on users’ hard drives, it aggregates and compiles the information to build demographic profiles of users. Plaintiffs allege that Doubleclick has more than 100 million user profiles in its database. Exploiting its proprietary Dynamic Advertising Reporting & Targeting (“DART”) technology, Doubleclick and its licensees target banner advertisements using these demographic profiles. ABACUS ACQUISITION AND FTC INVESTIGATION In June 1999, Doubleclick purchased Abacus Direct Corp. (“Abacus”) for more than one billion dollars. Abacus was a direct-marketing services company that maintained a database of names, addresses, telephone numbers, retail purchasing habits and other personal information on approximately ninety percent of American households, which it sold to direct marketing companies. Plaintiffs allege that Doubleclick planned to combine its database of online profiles with Abacus’ database of offline customer profiles in order to create a super-database capable of matching users’ online activities with their names and addresses. In furtherance of this effort, Double-Click created the Abacus Online Alliance (“Abacus Alliance”) and amended its privacy policy. The Abacus Alliance is purportedly a confidential group of online marketers and publishers who secretly contribute their compiled customer data to a cooperative database managed by Doubleclick. In return for their contributions, Abacus Alliance members gain access to exclusive Doubleclick products and services. In mid-1999, shortly after acquiring Abacus, Doubleclick amended its privacy policy by removing its assurance that information gathered from users online would not be associated with their personally identifiable information. Not long after the Abacus acquisition, the Federal Trade Commission (“FTC”) launched an investigation into whether DoubleClick’s collection, compilation and use of consumer information constituted unfair or deceptive trade practices in violation of Section 5 of the Federal Trade Commission Act. On March 2, 2000, Kevin O’Connor, DoubleClick’s CEO and Chairman of the Board, announced that he had made a “mistake” by planning to merge DoubleClick’s and Abacus’ databases and stated that Doubleclick would undertake no such merger until it reached an agreement with the United States government and Internet industry regarding privacy standards. It is unclear whether Doubleclick had already merged any of the information. The FTC concluded its investigation on January 22, 2001. In a letter to Double-Click’s outside counsel, the FTC announced that it was ending its investigation with no finding that Doubleclick had engaged in unfair or deceptive trade practices. It summarized its conclusions: Based on this investigation, it appears to staff that Doubleclick never used or disclosed consumers’ PII [personal identifiable information] for purposes other than those disclosed in its privacy policy. Specifically, it appears that Doubleclick did not combine PII from Abacus Direct with clickstream collected on client Web sites. In addition, it appears that Doub-leclick has not used sensitive data for any online preference marketing product, in contravention of its stated online policy. We understand that Double-Click’s Boomerang product takes user data from one site to target advertising to the same user on other sites. However, the user profiles Doubleclick creates for its Boomerang clients for this targeting contains only non-PII. Furthermore, we understand that for all new Boomerang clients, Doubleclick requires by contract that the site disclose in its privacy policy that it uses Double-Click’s services to target advertising to consumers, and Doubleclick will not implement Boomerang on a site until such disclosures are posted. The letter also noted several commitments Doubleclick made to modifying its privacy policy to “enhance its effectiveness,” including allowing a user to request an “opt out” cookie that would prevent Double-Click from collecting information from that user. DISCUSSION Defendants move to dismiss plaintiffs’ claims, pursuant to Fed.R.Civ.P. 12(b)(6), for failure to state a claim upon which relief may be granted. In considering a motion to dismiss pursuant to Fed.R.Civ.P. 12(b)(6), we accept as true all material factual allegations in the Amended Complaint, Atlantic Mutual Ins. Co. v. Balfour Maclaine Int'l, Ltd., 968 F.2d 196, 198 (2d Cir.1992), and may grant the motion only where “it appears beyond doubt that the plaintiff can prove no set of facts in support of his claim which would entitle him to relief.” Still v. DeBuono, 101 F.3d 888, 891 (2d Cir.1996); see Conley v. Gibson, 355 U.S. 41, 48, 78 S.Ct. 99, 2 L.Ed.2d 80 (1957). “General, conclusory allegations need not be credited, however, when they are belied by more specific allegations of the complaint.” Hirsch v. Arthur Andersen & Co., 72 F.3d 1085 (2d Cir.1995) (citing Jenkins v. S & A Chaissan & Sons, Inc., 449 F.Supp. 216, 227 (S.D.N.Y.1978)); 5A Charles A. Wright & Arthur R. Miller, Federal Practice and Procedure § 1363, at 464-65 (2d ed.1990). In addition to the facts set forth in the Amended Complaint, we may also consider documents attached thereto and incorporated by reference therein, Automated Salvage Transp., Inc. v. Wheelabrator Envtl., Sys., Inc., 155 F.3d 59, 67 (2d. Cir.1998), matters of public record such as case law and statutes, Pani v. Empire Blue Cross Blue Shield, 152 F.3d 67, 75 (2d. Cir.1998), and matters of judicial notice. See Brass v. American Film Technologies, Inc., 987 F.2d 142, 150 (2d Cir.1993); Kramer v. Time Warner Inc., 937 F.2d 767, 774 (2d Cir.1991). Claim I. Title II of the ECPA Title II (“Title II”) of the Electronic Communications Privacy Act (“ECPA”), 18 U.S.C. § 2701 et seq. (“ § 2701”), aims to prevent hackers from obtaining, altering or destroying certain stored electronic communications. See Sherman & Co. v. Salton Maxim Housewares, Inc., 94 F.Supp.2d 817, 820 (E.D.Mich.2000) (“the ECPA was primarily designed to provide a cause of action against computer hackers”) (quoting State Wide Photocopy Corp. v. Tokai Fin. Serv., Inc., 909 F.Supp. 137, 145 (S.D.N.Y.1995)). It creates both criminal sanctions and a civil right of action against persons who gain unauthorized access to communications facilities and thereby access electronic communications stored incident to their transmission. Title II specifically defines the relevant prohibited conduct as follows: “(a) Offense. Except as provided in subsection (c) of this section whoever(l) intentionally accesses without authorization a facility through which an electronic information service is provided; or (2) intentionally exceeds an authorization to access that facility; and thereby obtains ... access to a wire or electronic communication while it is in electronic storage in such system shall be punished .... ” Plaintiffs contend that DoubleClick’s placement of cookies on plaintiffs’ hard drives constitutes unauthorized access and, as a result, DoubleClick’s collection of information from the cookies violates Title II. However, Title II contains an exception to its general prohibition. “(c) Exceptions.-Subsection (a) of this section does not apply with respect to conduct authorized... (2) by a user of that [wire or electronic communications] service with respect to a communication of or intended for that user;” Doubleclick argues that its conduct falls under this exception. It contends that the DoubleClick-affiliated Web sites are “users” of the Internet and that all of plaintiffs’ communications accessed by DoubleClick’s cookies have been “of or intended for” these Web sites. Therefore, it asserts, the Web sites’ authorization excepts DoubleClick’s access from § 2701(a)’s general prohibition. We must first address the threshold issue of whether DoubleClick’s argument that its conduct falls under a statutory exception is resolvable on a motion to dismiss. Plaintiffs contend that the issue turns on whether exception § 2701(c)(2) is considered an affirmative defense or a statutory element of the offense. As a general matter, a plaintiff need not plead denials of affirmative defenses, see Harris v. City of New York, 186 F.3d 243, 251 (2d Cir.1999) (citing 5 Charles Wright & Arthur Miller, Federal Practice and Procedure: Civil 2d § 1276 (2d ed.1990 & 1999 pocket part)), whereas courts may dismiss a claim based on a statutory exception that appears on the face of the complaint. See Orton v. Pirro, Collier, et al., No. 95 Civ. 3056, 1996 WL 18831, at *2 (S.D.N.Y. Jan. 18, 1996) (dismissing ECPA Title III claim where statutory consent exception appeared in the complaint). Examining the statute, it appears that § 2701(c) is a statutory exception. First, § 2701(c) is entitled “Exceptions” and states “Subsection (a) of this section does not apply with respect to conduct ...” Second, § 2701(a) reinforces § 2701(c)’s function by carving our § 2701(c)’s exceptions in the very definition of the offense: “§ 2701(a) Offense.-Except as provided in subsection (c) of this section ...” Third, § 2707, the section that provides for a civil cause of action, subsection (e), is entitled “Defense” and specifies three affirmative defenses to civil claims under § 2707. Presumably, if Congress had intended § 2701(c)(l — 3) to constitute affirmative defenses, it could have labeled them as such as it did in § 2707. Fourth, nothing in the legislative history suggests that § 2701(c) should be considered an affirmative defense instead of a statutory exception. Thus, if DoubleClick’s conduct falls into one of § 2701(c)’s exceptions on the face of the pleadings, it is proper for us to dismiss the claim as one within a statutory exception. Furthermore, even if § 2701(c) was construed as an affirmative defense, the Second Circuit has held that a court may properly dismiss a claim on the pleadings when an affirmative defense appears on its face. See Day v. Moscow, 955 F.2d 807, 811 (2d Cir.1992) (“[W]hen all relevant facts are shown by the court’s own records, of which the court takes notice, the [affirmative] defense may be upheld on a Rule 12(b)(6) motion without requiring an answer”); see generally 2 James Wm. Moore et al., Moore’s Federal Practice § 12.34[4][b] (3d ed.2000). Assuming that the communications are considered to be in “electronic storage,” it appears that plaintiffs have adequately pled that DoubleClick’s conduct constitutes an offense under § 2701(a), absent the exception under § 2701(c)(2). Therefore, the issue is whether DoubleClick’s conduct falls under § 2701(c)(2)’s exception. This issue has three parts: (1) what is the relevant electronic communications service?; (2) were DoubleClick-affiliated Web sites “users” of this service?; and (3) did the DoubleClick-affiliated Web sites give Doubleclick sufficient authorization to access plaintiffs’ stored communications “intended for” those Web sites? A. “Internet Access” is the relevant electronic communications service. Obviously, in a broad sense, the “Internet” is the relevant communications service. However, for the purposes of this motion, it is important that we define Internet service with somewhat greater care and precision. Plaintiff, at turns, argues that the electronic communications service is “Internet access” and “the ISP [Internet Service Provider].” Plaintiffs’ Opposition Brief at 8, 12. The difference is important. An ISP is an entity that provides access to the Internet; examples include America Online, UUNET and Juno. Access to the Internet is the service an ISP provides. Therefore, the “service which provides to users thereof the ability to send or receive wire or electronic communications” is “Internet access.” B. Web Sites are “users” under the ECPA. The ECPA defines a “user” as “any person or entity who (A) uses an electronic communication service; and (B) is duly authorized by the provider of such service to engage in such use.” 18 U.S.C. § 2510(13). On first reading, the Double-Click-affiliated Web sites appear to be users — they are (1) “entities” that (2) use Internet access and (3) are authorized to use Internet access by the ISPs to which they subscribe. However, plaintiffs make two arguments that Web sites nevertheless are not users. Both are unpersuasive. First, plaintiffs argue that “[t]he most natural reading of ‘user’ is the person who has signed up for Internet access, which means the individual plaintiffs and Class members — not the Web servers.” Plaintiffs’ Opposition Brief at 12. Insofar as this argument implies that the statute meant to differentiate between human and non-human users, it is clearly contradicted by the statute’s language that defines a “user” as “any person or entity ...” (emphasis added). Furthermore, it rests on the erroneous assumption that only human users “sign[ ] up for Internet access,” not Web sites or servers. This court takes judicial notice of the fact that all people and entities that utilize Internet access subscribe to ISPs or are ISPs. Although the vast majority of people who sign-up for Internet access from consumer-focused ISPs such as America Online and Juno are individuals, every Web site, company, university, and government agency that utilizes Internet access also subscribes to an ISP or is one. These larger entities generally purchase “Internet access” in bulk from ISPs, often with value-added services and technologically advanced hardware. Nevertheless, they purchase the same underlying Internet access as individual users. Therefore, plaintiffs fail to distinguish class members from Web sites and servers based on whether they subscribe to an ISP for Internet access. Second, plaintiffs argue that “[t]he individual plaintiff (‘user’) owns the personal computer (‘facility’), while the Web sites she visits do not. [And that] [u]nder basic property and privacy notions, therefore, only she can authorize access to her own messages stored on that facility.” Plaintiffs’ Opposition Brief at 12. Again, plaintiffs seem to ignore the statute’s plain language. The general rule under § 2701(a) embodies plaintiffs’ position that only those authorized to use a “facility” may consent to its access. Nevertheless, Congress explicitly chose to make § 2701(a)’s general rule subject to § 2701(c)(2)’s exception for access authorized by authors and intended recipients of electronic communications. Thus, plaintiffs’ argument is essentially that this Court should ignore § 2701(c)(2) because Congress failed to take adequate account of “basic property and privacy notions.” However, it is not this Court’s role to revisit Congress’ legislative judgments. One final point bears mention, even though plaintiffs did not raise it. One could imagine a facially sensible argument that Web sites are not “users” of Internet access because they are passive storage receptacles for information; the human is the “user” and the Web site is what is used. However, the Internet’s engineering belies this description. Because the Internet functions through packet-switching and dynamic routing, human users do not in any sense connect to a passive receptacle and obtain information. Indeed, no direct connection ever exists between the human user and the Web site. Rather, the human user sends a request to which the Web site must actively respond: processing the request, deciding whether to provide the information sought, obtaining the document from the server, translating the document into TCP/IP protocol, sending the packets and awaiting confirmation of their arrival. Indeed, in a practical sense, Web sites are among the most active “users” of Internet access — their existence and utility depend on it, unlike humans. Therefore, we find as a matter of law that the DoubleClick-affiliated Web sites are “users” of Internet access under the ECPA. C. All of the communications Double-Click has accessed through its cookies have been authorized or have fallen outside of Title II’s scope. Because plaintiffs only allege that Doub-leClick accessed communications from plaintiffs to DoubleClick-affiliated Web sites, the issue becomes whether the Web sites gave DoubleClick adequate authorization under § 2701(c)(2) to access those communications. This issue, in turn, has two parts: (1) have the DoubleClick-affili-ated Web sites authorized DoubleClick to access plaintiffs’ communications to them?; and (2) is that authorization sufficient under § 2701(c)(2)? 1. The DoubleClick-affiliated Web sites have consented to DoubleClick’s interception of plaintiffs’ communications. A plaintiff cannot survive a motion to dismiss a Title II claim based solely on the naked allegation that defendant’s access was “unauthorized.” A plaintiff must, “allege! ] and proffer[ ] sufficient proofs to create a colorable claim that such access was ‘unauthorized.’ ” See Sherman & Co. v. Salton Maxim Housewares, Inc., 94 F.Supp.2d 817, 820-821 (E.D.Mich.2000) (denying motion to amend complaint because “proposed claim under the ECPA does not state a claim,” despite the fact plaintiff alleged access was unauthorized); cf. Hirsch v. Arthur Andersen & Co., 72 F.3d 1085 (2d Cir.1995) (“General, conclusory allegations need not be credited, however, when they are belied by more specific allegations of the complaint.”) (citation omitted). In the instant case, plaintiffs have proffered no proofs whatsoever to support their bare assertion that Double-click’s access was unauthorized. What is more, every fact they do allege supports the inference that the DoubleClick-affiliated Web sites did authorize DoubleClick’s access. Examining DoubleClick’s technological and commercial relationships with its affiliated Web sites, we find it implausible to infer that the Web sites have not authorized DoubleClick’s access. In a practical sense, the very reason clients hire Double-Click is to target advertisements based on users’ demographic profiles. DoubleClick has trumpeted this fact in its advertising, patents and Securities and Exchange filings. See infra notes 28-29 and accompanying text. True, officers of certain Web sites might not understand precisely how DoubleClick collects demographic information through cookies and records plaintiffs’ travels across the Web. However, that knowledge is irrelevant to the authorization at issue — Title II in no way outlaws collecting personally identifiable information or placing cookies, qua such. All that the Web sites must authorize is that Doub-leClick access plaintiffs’ communications to them. As described in the earlier section “Targeting Banner Advertisements,” the DoubleClick-affiliated Web sites actively notify DoubleClick each time a plaintiff sends them an electronic communication (whether through a page request, search, or GIF tag). The data in these notifications (such as the name of the Web site requested) often play an important role in determining which advertisements are presented to users. Plaintiffs have offered no explanation as to how, in anything other than a purely theoretical sense, the Doub-leClick-affiliated Web sites could have played such a central role in the information collection and not have authorized DoubleClick’s access. This purely theoretical possibility that a DoubleClick-affiliated Web site might have been so ignorant as to have been unaware of the defining characteristic of DoubleClick’s advertising service' — the service the Web site knowingly and purposely purchased — and its own role in facilitating that service, is too remote to be the basis for extensive and costly discovery of Doubleclick and its affiliates. Therefore, we find that the DoubleClick-affiliated Web sites consented to Double-Click’s access of plaintiffs’ communications to them. 2. Doubleclick is authorized to access plaintiffs’ GET, POST and GIF submissions to the DoubleClick-affiliat-ed Web sites. Plaintiffs’ GET, POST and GIF submissions to DoubleClick-affiliated Web sites are all “intended for” those Web sites. In the case of the GET and POST submissions, users voluntarily type-in information they wish to submit to the Web sites, information such as queries, commercial orders, and personal information. GIF information is generated and collected when users use their computer “mouse” or other instruments to navigate through Web pages and access information. Although the users’ requests for data come through clicks, not keystrokes, they nonetheless are voluntary and purposeful. Therefore, because plaintiffs’ GET, POST and GIF submissions to DoubleClick-affiliated Web sites are all “intended for” those Web sites, the Web sites’ authorization is sufficient to except DoubleClick’s access under § 2701(c)(2). S. To the extent that the Doubleclick cookies’ identification numbers are electronic communications, (1) they fall outside of Title II’s scope, and (2) DoubleClick’s access to them is otherwise authorized. Plaintiffs argue that even if Double-Click’s access to plaintiffs’ GET, POST and GIF submissions is properly authorized under § 2701(c)(2), the cookie identification numbers that accompany these submissions are not because they are never sent to, or through, the Web sites. However, this argument too is unavailing. (a) The Cookies’ identification numbers are not in “electronic storage” and therefore are outside Title II’s scope. Putting aside the issue of whether the cookie identification numbers are electronic communications at all, Doubleclick does not need anyone’s authority to access them. The cookies’ long-term residence on plaintiffs’ hard drives places them outside of § 2510(17)’s definition of “electronic storage” and, hence, Title II’s protection. Section 2510(17) defines “electronic storage” as: “(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for the purpose of backup protection of such communication.” (emphasis added) Clearly, the cookies’ residence on plaintiffs’ computers does not fall into § 2510(17)(B) because plaintiffs are not “electronic communication service” providers. Section 2510(17)(A)’s language and legislative history make evident that “electronic storage” is not meant to include DoubleClick’s cookies either. Rather, it appears that the section is specifically targeted at communications temporarily stored by electronic communications services incident to their transmission — for example, when an email service stores a message until the addressee downloads it. The statute’s language explicitly refers to “temporary, intermediate” storage. Webster’s Dictionary defines “temporary” as “lasting for a limited time,” and “intermediate” as “being or occurring at the middle place.... ” Webster’s Third New International Dictionary 2353, 1180 (1993). In other words, Title II only protects electronic communications stored “for a limited time” in the “middle” of a transmission, i.e. when an electronic communication service temporarily stores a communication while waiting to deliver it. The legislative history reveals that Congress intended precisely this limited definition. In H. Rpt. 106-932 (2000), a House Report on a proposed amendment to Title II, the House Judiciary Committee explained that “ ‘(A)ny temporary, intermediate storage’ [in § 2510(17)(A) ] describes an e-mail message that is being held by a third party Internet service provider until it is requested to be read. ” Id. at note 6 (emphasis added). This definition is consistent with Congress’ statements in 1986, when it passed the ECPA. Sen. Rep. No. 99-541 (1986)’s entire discussion of Title II deals only with facilities operated by electronic communications services such as “electronic bulletin boards” and “computer mail facilities],” and the risk that communications temporarily stored in these facilities could be accessed by hackers. It makes no mention of individual users’ computers, the issue in the instant case. Finally, Senator Patrick Leahy, a sponsor of the ECPA in 1986, recently proposed an amendment to the definition of “electronic storage” meant to clarify its scope. He proposed amending 2510(17)(A) to read: (17) [“interim storage”] means- (A) “any temporary, intermediate storage [by an electronic communication service] of a wire or electronic communication incidental to the electronic transmission thereof ...” S. 106-3083, Sec. 3(a)(4) (2000). This amendment lends further support to the conclusion that Congress’ intent was to protect communications held in interim storage by electronic communication service providers. Turning to the facts of this case, it is clear that DoubleClick’s cookies fall outside § 2510(17)’s definition of electronic storage and, hence, § 2701’s scope. Plaintiffs plead that in contrast to most cookies’ ephemeral existence, Double-Click cookies remain on plaintiffs’ computers “for a virtually indefinite time period,” and that their indefinite existence is critical to their function. Amended Complaint at ¶ 68. In plain language, “indefinite” existence is the opposite of “temporary,” and the Doubleclick eook-ies’s residence on plaintiffs’ hard drives is certainly not an “intermediate” step in their transmission to another addressee. This plain language controls in the absence of any legislative history suggesting that Congress intended it to cover conduct like DoubleClick’s. Indeed, if § 2510(17) were interpreted in the manner plaintiffs advocate, Web sites would commit federal felonies every time they accessed cookies on users’ hard drives, regardless of whether those cookies contained any sensitive information. This expansive reading of a criminal statute runs contrary to the canons of statutory interpretation and Congress’ evident intent. See Jones v. United States, 529 U.S. 848, 120 S.Ct. 1904, 1907, 146 L.Ed.2d 902 (2000) (“Ambiguity concerning the ambit of criminal statutes should be resolved in favor of lenity [citation omitted], and when choice must be made between two readings of what conduct Congress has made a crime, it is appropriate, before choosing the harsher alternative, to require that Congress should have spoken in language that is clear and definite, [citation omitted]”); Lurie v. Wittner, 228 F.3d 113, 125-6 (2nd Cir.2000). Thus, because the cookies and their identification numbers are never in “electronic storage” under the ECPA, they are not protected by Title II and Doubleclick cannot be held liable for obtaining them. (b) If the Doubleclick cookies’ identification numbers are considered stored electronic communications, they are “of or intended for” Double-Click and DoubleClick’s acquisition of them does not violate Title II. Even if we were to assume that cookies and their identification numbers were “electronic communicationfs] ... in electronic storage,” DoubleClick’s access is still authorized. Section 2701(c)(2) excepts from Title II’s prohibition access, authorized by a “user,” to communications (1) “of’ (2) “or intended for” that user. In every practical sense, the cookies’ identification numbers are internal Doubleclick communications — -both “of’ and “intended for” Doubleclick. Doubleclick creates the cookies, assigns them identification numbers, and places them on plaintiffs’ hard drives. The cookies and their identification numbers are vital to Doubleclick and meaningless to anyone else. In contrast, virtually all plaintiffs are unaware that the cookies exist, that these cookies have identification numbers, that Doubleclick accesses these identification numbers and that these numbers are critical to Double-Click’s operations. In this sense, cookie identification numbers are much akin to computer bar-codes or identification numbers placed on “business reply cards” found in magazines. These bar-codes and identification numbers are meaningless to consumers, but are valuable to companies in compiling data on consumer responses (e.g. from which magazine did the consumer get the card?). Although consumers fill-out business reply cards and return them to companies by mail, the bar-codes and identification numbers that appear on the cards are purely internal administrative data for the companies. The cookie identification numbers are every bit as internal to Doub-leclick as the bar-codes and identification numbers are to business reply mailers. Therefore, it seems both sensible to consider the identification numbers to be “of or intended for” Doubleclick and bizarre to describe them as “of or intended for” plaintiffs. Accordingly, because the identification numbers are “of or intended for” Doubleclick, it does not violate Title II for Doubleclick to obtain them from plaintiffs’ electronic storage. To summarize, plaintiffs’ GET, POST and GIF submissions are excepted from § 2701(c)(2) because they are “intended for” the DoubleClick-affiliated Web sites who have authorized DoubleClick’s access. The cookie identification numbers sent to Doubleclick from plaintiffs’ computers fall outside of Title II’s protection because they are not in “electronic storage” and, even if they were, Doubleclick is authorized to access its own communications. In light of the above findings, we rule that all of plaintiffs’ communications accessed by Doubleclick fall under § 2701(c)(2)’s exception or outside Title II and, accordingly, are not actionable. Therefore, plaintiffs’ claim under the Title II (Claim I) is dismissed. Claim II. Wiretap Act Plaintiffs’ second claim is that Double-Click violated the Federal Wiretap Act (“Wiretap Act”), 18 U.S.C. § 2510, et seq. The Wiretap Act provides for criminal punishment and a private right of action against: “any person who—(a) intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept wire, oral, or electronic communication [except as provided in the statute].” 18 U.S.C. § 2511. For the purposes of this motion, Double-Click concedes that its conduct, as pled, violates this prohibition. However, Doub-leclick claims that its actions fall under an explicit statutory exception: “It shall not be unlawful under this chapter for a person not acting under color of law to intercept a wire, oral, or electronic communication where such person is a party to the communication or where one of the parties to the communication has given prior consent to such interception unless such communication is intercepted for the purpose of committing any criminal or tortious act in violation of the Constitution or laws of the United States or any State. ” 18 U.S.C. § 2511(2)(d) (“ § 2511(2)(d)”) (emphasis added). Doubleclick argues once again that the DoubleClick-affiliated Web sites have consented to its interceptions and, accordingly, that its conduct is exempted from the Wiretap Act’s general prohibition as it was from the Title II’s. Plaintiffs deny that the Web sites have consented and argue that even if the Web sites do consent, the exception does not apply because Double-Click’s purpose is to commit “criminal or tortious act[s].” As a preliminary matter, we find that the DoubleClick-affiliated Web sites are “parties to the communication[s]” from plaintiffs and have given sufficient consent to Doubleclick to intercept them. In reviewing the case law and legislative histories of Title II and the Wiretap Act, we can find no difference in their definitions of “user” (Title II) and “parties to the communication” (Wiretap Act) or “authorize” (Title II) and “consent” (Wiretap Act) that would make our analysis of the Web sites’ consent under Title II inapplicable to the Wiretap Act. See discussion supra Section 1(C). Therefore, the issue before us is: assuming that Doubleclick committed every act alleged in the Amended Complaint, could this evince a “criminal or tortious” purpose on DoubleChck’s part? In light of the DoubleClick-af-filiated Web sites’ consent, plaintiffs must allege “either (1) that the primary motivation, or (2) that a determinative factor in the actor’s [DoubleClick’s] motivation for intercepting the conversation was to commit a criminal [or] tortious ... act.” United States v. Dale, 991 F.2d 819, 841-42 (D.C.Cir.1993), cert. denied 510 U.S. 1030, 114 S.Ct. 650, 126 L.Ed.2d 607 (1993) 0quoting United States v. Vest, 639 F.Supp. 899, 904 (D.Mass.1986), aff'd, 813 F.2d 477 (1st Cir.1987)). However, in reviewing the sufficiency of plaintiffs’ allegations, we bear in mind that the mere existence of [a] lawful purpose alone does not “sanitize a[n interception] that was also made for an illegitimate purpose.” Sussman v. ABC, 186 F.3d 1200, 1202 (9th Cir.1999), cert denied, 528 U.S. 1131, 120 S.Ct. 970, 145 L.Ed.2d 841 (2000). Section 2511(2)(d)’s legislative history and caselaw make clear that the “criminal” or “tortious” purpose requirement is to be construed narrowly, covering only acts accompanied by a specific contemporary intention to commit a crime or tort. The Wiretap Act originally exempted from its prohibition any interception of a wire or oral communication where one of the parties to the communication consented. See 2 U.S.Code Cong. & Ad.News, 90th Cong., 2d Sess., p. 2182 (1968). However, Senator Phillip Hart objected that the exemption was too permissive because it conceivably allowed a party to intercept a communication for the purpose of breaking the law and injuring others. He feared that parties would use secret recordings for “insidious purposes such as blackmail, stealing business secrets, or other criminal or tortious aets in violation of Federal or State laws.” Id. at 2236. Senators Hart and McClellan proposed an amendment to narrow the exemption to acts with “criminal, tortious or injurious” purposes, part of which was enacted as § 2511(2)(d). The key distinction Senator Hart suggested should distinguish permissible from impermissible one-party consent recordings by private citizens was whether the defendant’s intent in recording was to injure another party. Compare 114 Cong.Rec. 14694-14695 (May 23, 1968) (“Such one-party consent is also prohibited when the party acts in any way with an intent to injure the other party to the conversation in any other way ... For example, ... for the purpose of blackmailing the other party, threatening him, or publicly embarrassing him”) witk S.Rep. No. 90-1097 (1968) at 2236-37 (“There are, of course, certain situations in which consensual electronic surveillances may be used for legitimate purposes ... [as with recordings made] without intending in any way to harm the nonconsenting party.”) (emphasis added). Thus, the legislative record suggests that the element of “tortious” or “criminal” mens rea is required to establish a prohibited purpose under § 2511(2)(d). Plaintiffs attempt to meet § 2511(2)(d)’s “purpose” requirement by arguing that their six non-Wiretap Act claims against Doubleclick “plead conduct that has underlying it a tortious purpose and/or that translates into tortious acts.” Plaintiffs’ Brief at 16. In other words, by virtue of its tortious acts, Doubleclick must have had a tortious purpose. Courts applying § 2511(2)(d) have consistently ruled that a plaintiff cannot establish that a defendant acted with a “criminal or tortious” purpose simply by proving that the defendant committed any tort or crime. Recently, in Sussmcm v. ABC, 186 F.3d 1200 (9th Cir.1999) (Ko-zisnki, J.), the Ninth Circuit addressed a case in which a plaintiff sued the American Broadcasting Companies, Inc. (“ABC”) under the Wiretap Act. The plaintiff argued that ABC could not avail itself of § 2511(2)(d) because the recording violated state privacy law and, therefore, ABC’s purpose was “tortious.” Judge Kozinski, writing for a unanimous panel, rejected plaintiffs argument and dismissed the Wiretap Act claim, explaining, “[U]nder section 2511, 'the focus is not upon whether the interception itself violated another law; it is upon whether the purpose for interception — its intended use — was criminal or tortious ...’ [citations omitted] Where the purpose [of a taping] is not illegal or tortious, but the means are, the victims must seek redress elsewhere ... Although ABC’s taping may well have been a tortious invasion under state law, plaintiffs have produced no probative evidence that ABC had an illegal or tortious purpose when it made the tape.” Id. at 1202. The Ninth Circuit ruled similarly in Deteresa v. ABC, 121 F.3d 460 (9th Cir.1997), holding, “Deteresa [plaintiff] contends that ‘Radziwill and ABC [defendants] were by the taping committing the aforesaid crimes and torts.’ This argument begs the question. For this claim to survive summary judgment, Deteresa had to come forward with evidence to show that Radziwill taped the conversation for the purpose of violating CaLPenal Code § 632, for the purpose of invading her privacy, for the purpose of defrauding her, or for the purpose of committing unfair business practices. The record is devoid of any such evidence.” Id. at 467, n. 4. The Seventh Circuit and Sixth Circuit have reached the same conclusion. In another case involving ABC, J.H. Desnick v. ABC, 44 F.3d 1345, 1353 (1995) (Posner, J.), the Seventh Circuit dismissed plaintiffs’ CFAA claims because they failed to allege that defendants’ purpose was tor-tious. Like Judge Kozisnki, Judge Posner held for a unanimous panel that the commission of a tortious act did not prove a tortious purpose. He found that (“[t]he defendants did not order the camera-armed testers into the Desnick Eye Center’s premises in order to commit a crime or tort. Maybe the program as it was eventually broadcast was tortious ... But there is no suggestion that the defendants sent the testers into the Wisconsin and Illinois officers for the purpose of defaming plaintiffs ... [defendants’ allegedly tortious act]”). Id. The Sixth Circuit similarly distinguished tortious conduct from purpose based on mens rea, stating: “ ‘It is the use of the interception with intent to ham rather than the fact of interception that is critical to liability....’” Boddie v. ABC, 881 F.2d 267, 270 (6th Cir.1989) (emphasis added) (quoting By-Prod Corp. v. Armen-Berry Co., 668 F.2d 956, 960 (7th Cir.1982)). A number of district courts have interpreted § 2511(2)(d) in the same manner. See, e.g., Medical Lab. Mgmt. Consultants v. ABC, 30 F.Supp.2d 1182, 1205 (D.Ariz.1998) (“[Plaintiffs] offer no support for the assertion that Defendants recorded the meeting for the purpose of committing a tort, which, as the statute indicates, is the proper focus of inquiry in a § 2511 claim. Even if Defendants were found liable for fraud, the question is not whether they are ultimately liable for conduct found to be tortious, but whether, at the time the recording took place, they recorded the conversation with the express intent of committing a tort.”); U.S. v. Kovolas, 1998 WL 452218,*4 (D.Mass. July 27, 1998) (“Kovolas argues that because the recording itself was made in violation of state law, it was made for the purpose of violating state law. The superficial logic of this argument has been rejected by at least one court [citation omitted] ... if state law were to render tortious conduct as defined by the very act of recording that Congress sought to permit, the provisions of § 2511(d) would be rendered meaningless.”); Roberts v. Americable Intl., Inc., 883 F.Supp. 499, 503 (E.D.Ca.1995) (finding no “tortious purpose” in case where “there is no evidence, nor even any allegations that [defendant’s] purpose in tape recording her supervisor was either criminal or tortious outside any allegations of violation of the [state] privacy laws.”); Payne v. Norwest Corp., 911 F.Supp. 1299, 1304 (D.Mont.1995), aff'd in part, rev’d in part and remanded on other grounds, 206 F.3d 92; United States v. DiFelice, 837 F.Supp. 81, 82 (S.D.N.Y.1993) (“Assuming that [the challenged] recordings violated Massachusetts law, that fact by itself does not establish that he intercepted the conversations ‘for the purpose of committing [a] criminal or tortious act ... ’ ”). Plaintiffs seek to distinguish the weight of these precedents from the instant case on the ground that the bulk of the above cases involved news gathering and that Congress and courts have excepted this conduct on First Amendment considerations. Specifically, they point to the 1986 amendment of § 2511(2)(d), in which Congress reacted to a Sixth Circuit decision, Boddie v. American Broadcasting Cos., 731 F.2d 333 (6th Cir.1984). When the Sixth Circuit decided Boddie, § 2511(2)(d)’s one-party consent exception did not apply to interceptions for the purpose of committing any “criminal, tortious, or other injurious act” (emphasis added). In Boddie, the Sixth Circuit ruled that the clause “other injurious act[s]” could provide a basis for holding defendants civilly liable, even when they had violated no civil or criminal law. Id. at 339. Congress worried that Boddie’s broad interpretation of “injurious” could facilitate “attempts by parties to chill the exercise of First Amendment rights through the use of civil remedies under [the Wiretap Act].” S.Rep. No. 99-541, at 17 (1986) (Congress emphasized that it did not want § 2511(2)(d) to be “a stumbling block in the path” of investigative journalists who record conversations). In response, it removed “injurious” from section § 2511(2)(d). Thus, the legislative history supports the contention that Congress struck “injurious” conduct from § 2511(2)(d)’s one-party consent exception partly out of concern for the press. See Medical Lab. Mgmt. Consultants, 30 F.Supp.2d 1182, 1205-06 (discussing legislative history of § 2511(2)(d) and Congress’ concern with protecting the media); Scott Golde, Media Organizations’ Exposure to Liability Under the Federal Wiretapping Act: The Medical Laboratory Management Consultants Case, 76 Wash. U.L.Q. 431, 435 (1998). However, plaintiffs overreach when they argue that Congress and the courts created a general rule that “tortious purpose” exists wherever an intentional action is later determined to have constituted a tort, save when journalism is involved. Although Congress deleted “injurious” purpose from § 2511(2)(d) partly out of concern for press freedom, it in no way indicated that the press enjoyed special standing under the remaining terms of § 2511(2)(d). Had Congress wished to confer special protection on the press, it could have done so explicitly. Courts interpreting § 2511 (2) (d) have drawn no distinction between media defendants and the general public. In cases involving media defendants, they have consistently grounded their demand for specific contemporary tortious or criminal purpose in § 2511(2)(d)’s general language and legislative history, not in an exception for the media. See Sussman v. ABC, 186 F.3d at 1202 (“If the district court interpreted section 2511 as containing a blanket exemption for journalists, we cannot agree. Congress could have drafted the statute so as to exempt all journalists from its coverage, but did not. Instead, it treated journalists just like any other party who tapes conversations surreptitiously.”) (emphasis added); J.H. Desnick v. ABC, 44 F.3d at 1353 (analysis did not rely on fact that recording was made for investigative reporting, only that its purpose was non-tor-tious); Deteresa v. ABC, 121 F.3d 460, 467, n. 4 (analysis underlying finding that ABC did not violate § 2511(2)(d) because it had no “tortious purpose,” in no way distinguished between media and non-media defendants). And in suits not involving journalism, courts have demanded evidence of the same tortious or criminal purpose. See, e.g., Roberts v. Ameñcable Intl., Inc., 883 F.Supp. at 503 (finding no tortious purpose for recording in a employment discrimination action because “[t]he facts do not show at this point that [plaintiff] tape recorded to extort or blackmail her supervisor or company, nor do the facts presently show that she engaged in tape recording to cause emotional distress.”); U.S. v. Kovolas, 1998 WL 452218 at *4 (criminal case with no media party involved); United States v. DiFelice, 837 F.Supp. at 82 (criminal case with no media party involved); see also, Thomas v. Pearl, 998 F.2d 447, 451 (7th Cir.1993) (in civil suit between basketball player and coach, Seventh Circuit held that “[Plaintiff] must show that [defendant] either intended to break the law or commit a tort against him in order to prove a violation of the federal statute.”). In the instant case, plaintiffs clearly allege that Doubleclick has committed a number of torts. However, nowhere have they alleged that DoubleClick’s “primary motivation” or a “determining factor” in its actions has been to injure plaintiffs tor-tiously. The Amended Complaint does not articulate any facts that could support an inference that Doubleclick accessed plaintiffs’ electronic communications with the “insidious” intent to harm plaintiffs or others. In fact, everything in the Amended Complaint suggests that Doubleclick has been consciously and purposefully executing a highly-publicized market-financed business model in pursuit of commercial gain — a goal courts have found permissible under § 2511(2)(d). Its technology and business strategy have been described, and indeed promoted, in the company’s Security and Exc