Case Explained: Courts Expand ECPA Wiretapping Liability Through Crime-Tort Exception, Caren Decter, Peter Devlin – Legal Perspective

Two recent decisions signal judicial receptiveness to federal wiretapping claims based on the use of website tracking technologies—with significant implications for digital media and advertising companies, particularly those operating outside California.

Until recently, plaintiffs have focused their lawsuits on state wiretapping statutes that require two-party consent—e.g., the California Invasion of Privacy Act (“CIPA”). This is largely because the federal wiretapping statute, the Electronic Communications Privacy Act (“ECPA”), permits one-party consent to interception of communications. In other words, where one of the parties consents to the use of tracking technologies, there is no ECPA violation.

But in Semien v. PubMatic Inc. (N.D. Cal.) and Krzyzek v. OpenX Techs., Inc. (N.D. Cal.), both before Judge Illston, the court applied the ECPA’s crime-tort exception to override one-party consent. The crime-tort exception provides that consent is ineffective if “the communication is intercepted for the purpose of committing any criminal or tortious act.” 18 U.S.C. § 2511(2)(d).

What Happened in Semien and Krzyzek?

The plaintiffs in both cases alleged that the defendants—two data brokers operating adtech platforms—intercepted users’ web communications through tracking pixels and cookies embedded on third-party websites. The complaints asserted ECPA violations and common law invasion of privacy, among other claims, claiming that defendants collected browsing data (URLs, search queries, page content) without users’ knowledge or meaningful consent.

In both cases, Judge Illston held that the plaintiffs adequately alleged common law invasion of privacy under an intrusion-upon-seclusion theory. The courts then concluded that this tort triggered the ECPA’s crime-tort exception, allowing the ECPA claims to proceed notwithstanding the website operators’ consent. Because the defendants allegedly intercepted communications while committing the tort of invasion of privacy, Judge Illston reasoned, they could not invoke the one-party consent defense.

The Split: “Purpose” Versus “Effect”

Semien and Krzyzek directly conflict with Lakes v. Ubisoft, Inc., 777 F. Supp. 3d 1047, 1057 (N.D. Cal. 2025), and other federal court decisions in California. The Lakes court held—correctly, in our view—that the crime-tort exception requires that the defendant act “for the purpose of committing” a tortious act—not merely that the interception itself happens to constitute a tort. The statutory language demands purposeful intent, not incidental effect. The purpose of the alleged interception was not to invade a user’s privacy, but to profit, which is not tortious.

Semien and Krzyzek collapse this distinction. Under Judge Illston’s reasoning, conduct that amounts to invasion of privacy suffices, without requiring allegations that the defendant’s purpose was to commit a tort. This reading effectively rewrites the statute.

The Semien and Krzyzek defendants were data brokers allegedly aggregating consumer data across multiple websites to build behavioral profiles, while Lakes involved a video game publisher allegedly sharing data with third parties. Perhaps the courts found data broker conduct more objectionable. But these factual distinctions do not explain the fundamental legal disagreement over statutory interpretation.

What This Means

If Semien and Krzyzek gain traction, wiretapping claims become more viable nationwide. Website operators, ad tech platforms, and data brokers could face exposure in all fifty states under the federal wiretapping law, as well as state one-party consent wiretapping statutes with similar crime-tort exceptions.

Until the Ninth Circuit resolves this split, assume heightened risk. The difference between intercepting communications to commit a tort versus intercepting them in a way that constitutes a tort will determine whether consent defenses hold—and whether wiretapping litigation over website tracking technologies continues to proliferate nationwide.