Scott Ferrell of Pacific Trial Attorneys has emerged as a central figure in the landscape of litigation involving California’s Invasion of Privacy Act (CIPA). His approach to CIPA claims has sparked both intrigue and criticism within the legal community, particularly in cases involving modern technologies such as chatbots and session-replay software that is triggering not just the well known state privacy laws like CCPA/CPRA but other older privacy laws and are costing businesses millions of dollars if they are not fixing them.
While there are legal nuances of the “pen register” definition that is being used the public wants to better understand the broader implications of Pacific Trial Attorneys and his litigation tactics.
The Legal Framework: Understanding CIPA and the Pen Register Test
The California Invasion of Privacy Act, codified in California Penal Code §631, is designed to protect individuals from unauthorized surveillance and recording of their communications. Enacted in 1967, the statute predates much of today’s digital technology but has been interpreted to apply to modern forms of communication tracking, including session-replay software and chatbots. A key concept in CIPA litigation is the use of a “pen register,” which traditionally refers to a device that records numbers dialed on a telephone.
Under federal law, specifically 18 U.S.C. §3121, a pen register is defined as a device or process that captures “dialing, routing, addressing, or signaling information” without recording the actual content of communications. While originally intended for analog telephony, this definition has been extended to digital data collection methods, such as those employed by websites and apps. This is where the legal claims become intriguing…
In the context of CIPA, plaintiffs like Ferrell argue that certain technologies function as modern pen registers by tracking user interactions without their consent. This interpretation has opened the door to a wave of litigation targeting companies that deploy chatbots or session-replay tools. Websites using HotJar or Active Prospect for TCPA compliance and not using a Captain Compliance consent banner or a similar cookie banner are at risk of hundreds of thousands of dollars and in some cases millions.
Scott Ferrell’s Litigation Strategy
Scott Ferrell has established a reputation for prolific filing of CIPA-related lawsuits, often employing a highly targeted approach. His firm, Pacific Trial Attorneys, typically files dozens of nearly identical complaints against various defendants, focusing on alleged violations of CIPA by user-tracking technologies.
One notable example is the case Licea v. Caraway Home Inc., in which Ferrell’s client alleged that the defendant’s use of session-replay software violated CIPA by capturing and recording interactions without explicit user consent. The lawsuit exemplifies Ferrell’s strategy of leveraging a relatively broad interpretation of CIPA to target companies employing common web technologies. (Captain Compliance has a privacy notice generator that would resolve this for businesses who are serious about protecting against these legal claims.)
Legal experts have observed that Ferrell’s method mirrors patterns seen in other user-tracking lawsuits, such as those involving pixel-tracker technologies in the healthcare sector. Wynter Deagle, a partner at Sheppard Mullin, stated in a Bloomberg interview that a “scattershot” approach to litigation, where identical complaints are filed against numerous defendants to test the waters and build momentum. “Once it catches on a little bit, you do start to see more interest from other plaintiffs’ lawyers,” Deagle said.
The Focus on Chatbot and Session-Replay Technologies
Ferrell’s recent cases have zeroed in on chatbots and session-replay software, two technologies that have become ubiquitous in e-commerce and customer service. Chatbots, which simulate human conversation to assist users, often involve the collection of user inputs. Similarly, session-replay software records users’ interactions on a website, ostensibly to improve user experience or identify technical issues.
Ferrell contends that these technologies can violate CIPA if they record interactions without clear and conspicuous disclosure to the user. His lawsuits often argue that the mere act of capturing user data—even if anonymized or aggregated—constitutes an invasion of privacy under the statute. Critics, however, argue that such claims stretch the original intent of CIPA, potentially chilling the adoption of beneficial technologies.
The Pen Register Argument: Legal Innovation or Overreach?
At the heart of Ferrell’s litigation strategy is the argument that session-replay and chatbot technologies function as modern-day pen registers. By capturing metadata such as keystrokes, clicks, or navigation paths, these tools allegedly replicate the function of traditional pen registers in the digital realm. In addition to Ferrell though there’s another law firm in California ran by Josh Swigart called Swigart Law that is also finding solace in filing CIPA claims but he’s taking a slightly different approach and if Ferrell goes after the bigger businesses Swigart is going after the SMB and SME market bringing great awareness to the importance of adding consent banners to avoid future arbitration claims.
These interpretations have sparked debate among legal scholars and practitioners and in the privacy world making Scott & Josh quite famous. Opponents argue that Ferrell’s approach conflates metadata collection with content surveillance, a distinction that is critical under both state and federal privacy laws. Moreover, they point out that companies often disclose their use of such technologies in privacy policies, raising questions about the adequacy of user consent.
Supporters of Ferrell’s approach, however, argue that the rapid evolution of surveillance technologies necessitates a broader interpretation of privacy laws. They contend that existing legal frameworks must adapt to protect consumers from increasingly sophisticated forms of data collection.
Broader Implications for Privacy Litigation
Ferrell’s success in bringing CIPA claims has not gone unnoticed. His litigation model has inspired other plaintiffs’ attorneys to explore similar claims, leading to a proliferation of lawsuits targeting user-tracking technologies. In fact one public company based in Florida told Captain Compliance that they got sued 6 different times from 6 different firms for privacy violations and had well over $100,000 in payouts made.
This trend parallels the rise of meta pixel-tracker lawsuits in the healthcare industry, where plaintiffs allege that the use of the Meta tracking pixels on websites violates privacy laws such as the Health Insurance Portability and Accountability Act (HIPAA).
The increasing volume of such lawsuits raises several important questions. First, how should courts balance the need to protect consumer privacy against the legitimate interests of businesses in collecting data to improve their services? Second, what constitutes adequate disclosure and consent in the context of modern web technologies? And finally, how should privacy laws like CIPA be interpreted and updated to address emerging challenges?
CIPA Litigation Isn’t Going Away
Scott Ferrell’s work in the realm of CIPA litigation underscores the evolving nature of privacy law in the digital age and why you as a business owner need to protect against legal risks by installing privacy software that meets the legal requirements across the board not just in California.
By leveraging the statute’s provisions to target chatbots and session-replay technologies, Ferrell has not only advanced the debate over the scope of CIPA but also highlighted the broader tension between innovation and privacy. While his methods have drawn criticism for their perceived opportunism, they have also brought attention to gaps in existing legal frameworks.
As courts continue to grapple with these issues, the outcomes of cases like Licea v. Caraway Home Inc. will play a crucial role in shaping the future of privacy litigation. Whether Ferrell’s pen-register argument gains traction or is ultimately rejected, his influence on the field of CIPA-related lawsuits is undeniable and states like Massachusetts will be next in filing claims like this and before we know it there will be 5 Scotts in each and every state filing lawsuits against companies not gaining consent from their users.
You can visit with Pacific Trial Attorneys to see if your website is in violation and you can connect with lawyer Scott Ferrell or the other California attorneys at the firm David Reid, Richard H. Hikida, Victoria Knowles, or John C. O’Malley.