Beware of demand letters from plaintiffs’ attorneys for allegations of illegal use of pen registers, trap and trace pixels, and search bar pixels—why? This “trap and trace” litigation is a growing trend for plaintiffs’ attorneys because they can leverage existing wiretap laws (particularly in California under the California Invasion of Privacy Act (CIPA)) to argue that common online tracking technologies like cookies, pixels, and website analytics tools essentially function as trap and trace devices, allowing them to file complaints against companies for collecting user data without proper consent, even though these technologies were originally designed for traditional phone lines, not the internet, opening up a large pool of potential plaintiffs and potentially significant damages.
Section 638.51 of CIPA is the crux of these trap and trace claims. This provision addresses the unauthorized interception of electronic communications and prohibits the installation or use of a pen register or a trap and trace device without first obtaining a court order. Section 638.50(b) defines a pen register as a device or process that records or decodes “dialing, routing, addressing, or signaling information” (DRAS) transmitted by an instrument or facility from which a wire or electronic communication is sent, but does not include the contents of the communication itself. Section 638.50(c) defines a trap and trace device as a device or process that captures...
