CARSTEN ROSENOW, Plaintiff, v. FACEBOOK, INC.; and YAHOO, INC., Defendants Case No.: 19-cv-1297-WQH-MMP United States District Court, S.D. California Filed March 28, 2025 Hayes, William Q., United States District Judge ORDER *1 The matters before the Court are the Motion to Dismiss Plaintiff's Second Amended Complaint (ECF No. 90) filed by Defendant Yahoo Holdings, Inc.[1] (“Yahoo”) and the Motion to Dismiss Plaintiff's Second Amended Complaint (ECF No. 91) filed by Defendant Meta Platforms, Inc. (“Facebook”).[2] I. BACKGROUND A. The Criminal Case On July 19, 2017, an information was filed charging Plaintiff Carsten Rosenow (“Rosenow”) with one count of travel with intent to engage in illicit sexual conduct in violation of 18 U.S.C. § 2423(b). United States v. Rosenow, S.D. Cal. Case No. 3:17-cr-01937-WQH, ECF No. 20. On October 19, 2017, a three-count indictment was filed charging Rosenow with one count of attempted sexual exploitation of a child in violation of 18 U.S.C. § 2251(c); one count of travel with intent to engage in illicit sexual conduct in violation of 18 U.S.C. § 2423(b); and one count of possession of images of minors engaged in sexually explicit conduct in violation of 18 U.S.C. § 2252(a)(4)(B), (b)(2). United States v. Rosenow, S.D. Cal. Case No. 3:17-cr-03430-WQH, ECF No. 1. On March 19, 2018, Rosenow filed a Motion to Suppress Evidence in his criminal case. Id., ECF No. 29. Rosenow moved the Court to suppress all the evidence against him pursuant to the Fourth Amendment of the United States Constitution, contending that “[u]ltimately, all of the evidence against Mr. Rosenow is the result of warrantless searches of his private communications [by Facebook and Yahoo]—searches that were ‘government action’ on these facts.” Id., ECF No. 29-1 at 9. On July 27, 2018 and August 8, 2018, the Court held an evidentiary hearing on Rosenow's Motion to Suppress Evidence. Id., ECF Nos. 72, 73. On September 10, 2018, Rosenow filed Supplemental Briefing in support of his Motion to Suppress Evidence. Id., ECF No. 76. On November 20, 2018, the Court issued an Order denying Rosenow's Motion to Suppress Evidence. Id., ECF No. 87. The Court found that Yahoo and Facebook were not government actors and that they had investigated Rosenow in their own interest, in accordance with their internal policies and procedures. Id., ECF No. 87 at 22–23. The Court found that law enforcement conducted its investigation independently of Yahoo and Facebook and utilized the information provided by Yahoo and Facebook in compliance with all applicable laws. Id., ECF No. 87 at 23. The Court further found that “Yahoo and Facebook reported information to the [National Center for Missing and Exploited Children (‘NCMEC’)] pursuant to applicable law based upon facts and circumstances supporting an apparent violation of child pornography laws.” Id. The Court considered and rejected Rosenow's argument that Facebook and Yahoo unlawfully disclosed Rosenow's private communications to NCMEC. See generally id. On August 30, 2019, a jury found Rosenow guilty of violating 18 U.S.C. § 2251(c) and (e) (attempted sexual exploitation of a child) and 18 U.S.C. § 2252(a)(4)(B) (possession of images of minors engaged in sexually explicit conduct). Id., ECF No. 198. On February 26, 2020, this Court sentenced Rosenow to a total of 300 months' imprisonment. Id., ECF No. 238. *2 On February 27, 2020, Rosenow filed a Notice of Appeal to the Court of Appeals for the Ninth Circuit. Id., ECF No. 239. On April 27, 2022, the Court of Appeals issued an opinion in the criminal appeal, affirming Rosenow's conviction. (See ECF No. 60.) On October 3, 2022, the Court of Appeals issued an order and an amended opinion in the criminal appeal. See United States v. Rosenow, 3:17-cr-03430-WQH, ECF No. 268. The opinion affirmed Rosenow's conviction and denied Rosenow's petitions for rehearing and rehearing en banc, stating that no further petitions for rehearing would be accepted. See id. On December 30, 2022, Rosenow filed a petition of certiorari to the Supreme Court of the United States. See id., ECF No. 269. On February 21, 2023, the Supreme Court denied Rosenow's petition for a writ of certiorari in his criminal appeal. Id., ECF No. 270. On April 25, 2023, Rosenow filed a Motion under 28 U.S.C. § 2255 to Vacate, Set Aside, or Correct a Sentence by a Person in Federal Custody (“Habeas Petition”), id., ECF No. 271, and a Motion for Leave to Conduct Discovery, id., ECF No. 272. On July 1, 2024, as relevant here, this Court denied the Habeas Petition and the Motion for Leave to Conduct Discovery. Id., ECF No. 294. On July 5, 2024, Rosenow filed a Notice of Appeal to the Court of Appeals for the Ninth Circuit regarding the Habeas Petition. Id., ECF No. 295. On March 10, 2025, the Court of Appeals issued an Order denying Rosenow's request for a certificate of appealability as to the denial of the Habeas Petition. Id., ECF No. 304. B. The Current Action On July 12, 2019, Rosenow, proceeding pro se, filed a Complaint against Defendants Facebook and Yahoo, (collectively, “Defendants”). (ECF No. 1.) On April 27, 2020, the Court issued an Order granting Defendants' Motions to Dismiss and dismissing the Complaint without prejudice. (ECF No. 15.) On October 21, 2020, Rosenow filed a First Amended Complaint (“FAC”) against Defendants. (ECF No. 29.) On March 15, 2021, Rosenow filed a Motion to Stay Proceedings. (ECF No. 47.) On April 8, 2021, the Court issued an Order in this action granting Rosenow's Motion to Stay Proceedings until the conclusion of his criminal appeal. (ECF No. 52.) On March 2, 2023, the Court issued an Order lifting the stay of proceedings in this action given the Supreme Court's and Ninth Circuit's rulings in Rosenow's criminal appeal. (ECF No. 70.) On March 25, 2024, the Court issued an Order granting Defendants' Motions to Dismiss and dismissing the FAC without prejudice. (ECF No. 88.) On May 10, 2024, Rosenow filed the operative Second Amended Complaint (“SAC”), alleging claims against Facebook and Yahoo arising from their investigations into his internet accounts and disclosure of his private communications to federal agencies. (SAC, ECF No. 89.) Rosenow asserts claims against Yahoo and Facebook for violations of the Stored Communications Act (“SCA”) and for negligence. Additionally, Rosenow brings a claim against Yahoo for violation of the Wiretap Act. Rosenow seeks general, compensatory, and consequential damages, punitive and exemplary damages, civil penalties, attorneys' fees and costs, and all other relief within the Court's jurisdiction. Id. at 80–81. *3 On May 28, 2024, Yahoo and Facebook filed respective Motions to Dismiss Plaintiff's Second Amended Complaint (the “Motions to Dismiss”). (ECF Nos. 90, 91.) On June 18, 2024, Rosenow filed a Consolidated Response in Opposition to Defendants' Motions to Dismiss (the “Opposition”). (ECF No. 94.) On June 21, 2024, Defendants filed an Ex Parte Joint Motion to Strike the Opposition and Alternative Request for an Extension to File Reply Briefs. (ECF No. 95.) On June 24, 2024, the Court issued an Order denying Defendants' request to strike the Opposition and granting Defendants' request to extend the deadline to file their replies. (ECF No. 96.) On June 27, 2024, Rosenow filed a Motion for Leave to Supplement Plaintiff's Opposition to the Defendants' Motion to Dismiss (the “Motion to Supplement”). (ECF No. 97.) On July 29, 2024, the Court issued an Order granting the Motion to Supplement and considering Plaintiff's proposed Supplemental Opposition (id. at 6–10) as timely filed as part of his Opposition. (ECF No. 100.) On July 19, 2024, Defendants filed Replies in support of their respective Motions to Dismiss. (ECF Nos. 98, 99.) II. ALLEGATIONS OF THE SECOND AMENDED COMPLAINT A. Allegations Against Yahoo “All events concerning this complaint occurred exclusively on the Yahoo Messenger Platform and exclusively on the downloadable Messenger client.” (SAC ¶ 21.) As recorded by the Yahoo USA Account Management Tool (“YAMT”), Rosenow opened his Yahoo email account, “europe_120@yahoo.com,” in the Philippines in April of 2008. Id. ¶ 16. Rosenow did not agree to any of Yahoo's terms of conditions or privacy policies. Id. ¶ 17. Yahoo maintains a department called the “Electronic Crimes Investigation Team” (“ECIT”) that is run by Sean Zadig (“Zadig”), a former law enforcement officer. Id. ¶¶ 29– 30. Zadig has maintained his relationships with law enforcement. Id. ¶ 32. In the summer of 2014, the United States Secret Service sponsored an “Electronic Crimes Task Force” conference that was attended by law enforcement agents and “their security counterparts at private corporations,” including Yahoo. Id. ¶¶ 84–85. At the conference, “employees of Xoom.com [(‘Xoom’)] (a money-transfer website) informed Yahoo [ ] of potentially criminal activities on its platform involving Philippines [sic] children.” Id. ¶ 87. Xoom subsequently provided Yahoo with ten CyberTipline Reports concerning Yahoo accountholders' involvement in these criminal activities, prompting Yahoo's ECIT to initiate its own investigation into the accounts. Id. ¶¶ 87–88. Yahoo's ECIT adopted a “scanning tool” from Yahoo's Content Moderation Team “to intercept messages while in transit and redirect, scan, store and read text messages of users connected to the ten accounts reported by Xoom.” Id. ¶ 90; see also id. ¶¶ 36–37, 49– 50, 129, 151. In October of 2014, Yahoo's ECIT “shared the information and profiles” from the approximately one thousand users that it uncovered during this investigation in a “supplemental report” and meeting with agents from NCMEC, the Federal Bureau of Investigations (“FBI”), and Homeland Security Investigation (“HSI”). Id. ¶¶ 92, 100–02. The report did not mention Rosenow. Id. ¶ 153. In response to these disclosures, the FBI and HSI “opened a formal investigation in November 2014 codenamed ‘Operation Swift Traveller [sic].’ ” Id. ¶ 155. *4 In November of 2014, ECIT identified Rosenow in a second investigation “through unknown means” and used the scanning tool to “intercept scan, store, and monitor all his communications.” Id. ¶¶ 160–62. In December of 2014, ECIT produced additional supplemental reports which implicated Rosenow “in traveling ‘many times’ internationally for the purpose of soliciting minors.” Id. ¶ 165. The reports included images of child pornography, information which could be used to identify Rosenow, and “snippets” of his chat conversations which were “sufficient to obtain the ‘gist’ of” his communications. Id. ¶¶ 92, 114–15, 165. ECIT shared the supplemental reports with NCMEC, the FBI, HSI, and the Department of Homeland Security (“DHS”) voluntarily and in violation of the law. Id. ¶¶ 165, 175 (implying that ECIT violated the law by disclosing reports that contained images of child pornography to organizations other than NCMEC); see also id. ¶¶ 52–53, 172, 190–91, 194, 196. “NCMEC did not generate a CyberTipline Report” for Rosenow after receiving the report in December of 2014. Id. ¶ 168. The Washington branch of the FBI forwarded the supplemental reports to an agent in its San Diego office, and “[t]he FBI San Diego opened a case against [Rosenow] upon receipt of the lead report.” Id. ¶¶ 178– 79. Between November 2015 and January 2016, the FBI attempted to obtain a search warrant for Rosenow's Yahoo accounts. Id. ¶ 180. In July of 2015, ECIT contacted the FBI to let them know that it was working on a new investigation in the Philippines that was discovered through “proactive scanning” but that it wouldn't be able to share more detailed information until it completed its investigation. Id. ¶ 182. In December of 2015, ECIT used a software tool typically “used for legal process” “when search warrants are issued” to pull Rosenow's full chat history concerning Rosenow's “abuse of specific children.” Id. ¶¶ 184–85, 187; see also id. ¶ 149. This investigation was completed without a search warrant and there was never an indication that Rosenow “was attempting to obtain or actually possessed any images of child pornography or that he violated any child pornography laws.” Id. ¶¶ 149, 186. That same month, ECIT sent NCMEC a “CyberTipline Report,” in which it voluntarily included Rosenow's messages with two Yahoo users, sonicegirl18 and clairesweet13. Id. ¶¶ 187, 190, 193. ECIT “did not notify NCMEC that the report was submitted pursuant to 18 U.S.C. § 2258A [(‘§ 2258A’)].” Id. ¶ 190. NCMEC then generated CyberTipline Report #7431977 for Rosenow, labeling the report incident type as “Child Sex Tourism.” Id. ¶ 192. In January of 2016, ECIT emailed NCMEC supplemental information pertaining to the Philippines investigation. Id. ¶ 194. Internal communications amongst NCMEC staff indicate that NCMEC did not have a “formal process for [providing law enforcement with] the supplement[al] information” ECIT provided. Id. ¶ 195. In February of 2016, ECIT violated § 2252A by sharing over two hundred CyberTipline Reports with FBI agents directly, outside the presence of NCMEC. Id. ¶¶ 196–97; see also id. ¶¶ 41, 117. Throughout its investigation, Yahoo never obtained consent from Rosenow to search his communications. Id. ¶¶ 25, 54. Yahoo never notified Rosenow about its review of his communications or the disclosure of his information to NCMEC, the FBI, HSI, or DHS. Id. ¶ 199; see also id. ¶¶ 45–47, 54. In fact, ECIT avoided issuing “legal process notifications” to prevent tipping off users and helping them evade capture. Id. ¶¶ 147–48. Rosenow did not learn of Yahoo's “warrantless searches of his accounts and the disclosure of the contents of those accounts until discovery was provided to him by the government in the months following the indictment.” Id. ¶ 311. Yahoo's “stated purpose in engaging in ‘proactive scanning’ of [Rosenow's] private electronic communications was to help the government get arrests and convictions and to stop the activity.” Id. ¶ 201. “Voluminous emails reveal the extent of [Yahoo's] collaboration and joint investigation” with the FBI and other government agencies. Id. ¶ 209; see also id. ¶¶ 210–15. All of Yahoo's disclosures to NCMEC concerning Rosenow were voluntary, as disclosures concerning child sex tourism can be made but are not required under the law. Id. ¶ 141; see also id. ¶¶ 43, 128–29, 138 n.30, 152, 165, 172, 190–91, 194. B. Allegations Against Facebook *5 “All activities related to this complaint occurred on Facebook's private messenger app.” Id. ¶ 227. Rosenow opened his “private” Facebook account, under the moniker “carlos.senta” in July of 2010 in either the United States or Germany. Id. ¶¶ 226, 230, 234. If he opened the account in the United States, Facebook's April 2010 Statements of Rights and Responsibilities (“SRR”) “would be the only terms [Rosenow] agreed to.” Id. ¶ 231. The SRR states that users “may also want to review” Facebook's Privacy and Data Use policy. Id. ¶¶ 232–33. If he opened his account in Germany, “a complete separate policy would govern the relationship between [Rosenow] and Facebook.” Id. ¶ 234. Facebook's Terms of Service (“TOS”) “generally states that Facebook can collect data and information” but also states that “the user owns all of the content and information and can control how they share it.” Id. ¶ 235. “Facebook's 2010 SRR does not include adequate notice that they would monitor, read, and voluntarily disclose communications to NCMEC or that they would search content upon receiving legal process from the government indicating ‘child exploitation.’ ” Id. ¶ 236. In early 2017, the FBI obtained Rosenow's Facebook information through unknown means, breathing “new life into an otherwise stalled investigation.” Id. ¶¶ 238–39. The FBI served Facebook with a preservation request under 18 U.S.C. § 2703(f) for Rosenow's Facebook account and notified Facebook that the FBI was investigating Rosenow for child exploitation. Id. ¶¶ 243–44. Facebook has a policy in place that “anytime law enforcement submits a subpoena or preservation request marked ‘child safety’ ... Facebook conducts a [limited] review of the account.” Id. ¶ 263. Thus, Facebook conducted a review of Rosenow's account. “Facebook ... willfully engaged in joint action with the government when it searched [Rosenow's] messages between January 2017 and April 2017, looked for messages of child exploitation[,] and reported them voluntarily to NCMEC.” Id. ¶ 253. Facebook provided the FBI “with notice about child sex exploitation messages” “including a message exchange between [Rosenow] and [an alleged minor] on March 7–8, 2017.” Id. ¶ 255. The disclosure of these messages triggered the FBI “to issue a subpoena to Facebook” for Rosenow's account on March 15, 2017. Id. ¶ 256. On March 25, 2017, Facebook notified Rosenow of the subpoena for his account and seized its contents, but Facebook “never notified [Rosenow] that it was reading and reviewing his private” communications. Id. ¶¶ 272, 301. “Upon belief and information [the FBI and Facebook] conspired to preserve [Rosenow's] account on March 25, 2017[,] upon obtaining knowledge about [Rosenow's] alleged child exploitation message with [a minor] and the fact that Facebook intended to disclose the subpoena to Plaintiff on March 25, 2017.” Id. ¶ 275. Facebook did not terminate Rosenow's account following the March 25, 2017 search. Id. ¶ 276. In April of 2017, Facebook searched Rosenow's account again. Id. ¶ 277. On May 1, 2017, a Facebook employee “intentionally and voluntarily reported to NCMEC [Rosenow's] private messages” “stating that he had discovered evidence of alleged ‘Child Sex Tourism’ in [Rosenow's] account.” Id. ¶ 278. “No facts or circumstances of violations of child pornography laws were mentioned in” the reports to NCMEC, and Facebook did not indicate that the tips were made pursuant to § 2258A. Id. ¶ 281; see also id. ¶¶ 292–95. Rather, these reports contained information that was not required by NCMEC but was voluntarily provided, such as “the reported date of birth of the minor victims and extensive private communications with four individuals located in the Philippines.” Id. ¶ 283; see also id. ¶ 299. After its own investigation, NCMEC classified the incident type as child sex tourism and issued CyberTipline Report #20711118. Id. ¶ 285. That same day, NCMEC sent an email to the FBI classifying CyberTipline Report #20711118 as a “priority 2 escalated report” and explaining that the account user “ ‘appears to be going abroad to engage in sexual activities with underage girls in exchange for money.’ ” Id. ¶ 298. *6 On May 4, 2017, Facebook closed Rosenow's account. Id. ¶ 279. Facebook “knowingly and intentionally” searched Rosenow's account without his consent and “with malicious and illegal motives” “for the purpose of providing probable cause for arrest and prosecution and to stop” Rosenow's activity. Id. ¶¶ 257, 260, 299. Facebook neither informed Rosenow of its searches nor sought his consent to them, nor did it notify him of any TOS violations. Id. ¶¶ 300–03. As a result of these searches, the government obtained information that led it to issue arrest and search warrants against Rosenow. Id. ¶ 306. Rosenow did not learn of “Facebook's warrantless searches of his accounts and the disclosure of the contents of those accounts until discovery was provided to him by the government in the months following the indictment.” Id. ¶ 311. During litigation of the criminal case, Facebook and the government “conspired to withhold material evidence” to avoid “impeachment of [Facebook employee] Jason Berry.” Id. ¶¶ 312–13. III. CONTENTIONS Yahoo and Facebook contend that Rosenow's SCA claim fails because their disclosures were proper under the SCA's exceptions for (1) reports to NCMEC, (2) user consent, and (3) protecting the rights of the provider. Yahoo contends that Rosenow's Wiretap Act claim should be dismissed because his allegations that Yahoo intercepted his communications are too conclusory. Yahoo additionally contends that, even if Rosenow sufficiently alleges an “interception,” Yahoo's actions fall within two exceptions to the Wiretap Act: (1) consent and (2) protecting the rights of the provider. Yahoo and Facebook additionally contend that Rosenow's SCA claims fail because in making their disclosures, they acted in good faith reliance on statutory authorization. Yahoo contends the same for Rosenow's Wiretap Act claim. Yahoo and Facebook contend that Rosenow's negligence claim fails because he does not allege sufficient facts to establish that they owed him a legal duty. Yahoo and Facebook contend that Rosenow's claims are time-barred and constitute an impermissible collateral attack on his conviction, barred by the doctrine of collateral estoppel. Rosenow contends that the SCA and Wiretap Act exceptions invoked by Defendants are inapplicable because they are “general exceptions” whereas both Acts contain more “specific exceptions” that preclude Defendants' reliance on them. Alternatively, Rosenow contends that he did not consent to Yahoo's or Facebook's disclosures to government agencies or Yahoo's interception of his communications. Rosenow contends that Defendants' good-faith arguments should be rejected. Rosenow contends that he adequately states a claim for Yahoo's violations of the Wiretap Act because his allegations that Yahoo used an “automated content scanning tool” give rise “to a ‘plausible inference’ that Yahoo violated the Wiretap Act.” Rosenow contends he adequately alleges negligence claims against Defendants because he has shown that Defendants breached their duties to comply with the Electronic Communications Privacy Act and their own privacy policies and terms of service. Rosenow contends that his claims were timely filed upon discovering Defendants' disclosures during the discovery phase of his criminal trial. Rosenow contends that Heck v. Humphrey does not bar his claims and that they are not precluded by collateral estoppel or res judicata. IV. LEGAL STANDARD *7 Rule 12(b)(6) of the Federal Rules of Civil Procedure permits dismissal for “failure to state a claim upon which relief can be granted.” To state a claim for relief, a pleading “must contain ... a short and plain statement of the claim showing that the pleader is entitled to relief.” Fed. R. Civ. P. 8(a)(2). Dismissal under Rule 12(b)(6) “is proper only where there is no cognizable legal theory or an absence of sufficient facts alleged to support a cognizable legal theory.” Shroyer v. New Cingular Wireless Servs., Inc., 622 F.3d 1035, 1041 (9th Cir. 2010) (quotation omitted). “To survive a motion to dismiss, a complaint must contain sufficient factual matter, accepted as true, to ‘state a claim to relief that is plausible on its face.’ ” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007)). “A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Id. (citation omitted). However, “a plaintiff's obligation to provide the ‘grounds’ of his ‘entitle[ment] to relief’ requires more than labels and conclusions, and a formulaic recitation of the elements of a cause of action will not do.” Twombly, 550 U.S. at 555 (alteration in original) (quoting Fed. R. Civ. P. 8(a)). A court is not “required to accept as true allegations that are merely conclusory, unwarranted deductions of fact, or unreasonable inferences.” Sprewell v. Golden State Warriors, 266 F.3d 979, 988 (9th Cir. 2001). “In sum, for a complaint to survive a motion to dismiss, the non-conclusory factual content, and reasonable inferences from that content, must be plausibly suggestive of a claim entitling the plaintiff to relief.” Moss v. U.S. Secret Serv., 572 F.3d 962, 969 (9th Cir. 2009) (quotation omitted). “When ruling on a Rule 12(b)(6) motion to dismiss, if a district court considers evidence outside the pleadings, it must normally convert the 12(b)(6) motion into a Rule 56 motion for summary judgment, and it must give the nonmoving party an opportunity to respond.” United States v. Ritchie, 342 F.3d 903, 907 (9th Cir. 2003) (citing Fed. R. Civ. P. 12(b)). However, a court may “consider certain materials—documents attached to the complaint, documents incorporated by reference in the complaint, or matters of judicial notice—without converting the motion to dismiss into a motion for summary judgment.” Id. (citing Van Buskirk v. CNN, 284 F.3d 977, 980 (9th Cir. 2002); Barron v. Reich, 13 F.3d 1370, 1377 (9th Cir. 1994)). Where the documents are not physically attached to the complaint, they may be considered if the documents' “authenticity ... is not contested” and “the plaintiff's complaint necessarily relies” on them. Parrino v. FHP, Inc., 146 F.3d 699, 705–06 (9th Cir. 1998) (quotation omitted); see also Ritchie, 342 F.3d at 908 (“Even if a document is not attached to a complaint, it may be incorporated by reference into a complaint if the plaintiff refers extensively to the document or the document forms the basis of the plaintiff's claim. The defendant may offer such a document, and the district court may treat such a document as part of the complaint, and thus may assume that its contents are true for purposes of a motion to dismiss under Rule 12(b)(6).”); see also Knievel v. ESPN, 393 F.3d 1068, 1076 (9th Cir. 2005) (“We have extended the ‘incorporation by reference’ doctrine to situations in which the plaintiff's claim depends on the contents of a document, the defendant attaches the document to its motion to dismiss, and the parties do not dispute the authenticity of the document, even though the plaintiff does not explicitly allege the contents of that document in the complaint.”). *8 Judicial notice under Federal Rule of Evidence 201 permits a court to notice an adjudicative fact if it is “not subject to reasonable dispute.” Fed. R. Evid. 201(b). A fact is “not subject to reasonable dispute” if it is “generally known,” or “can be accurately and readily determined from sources whose accuracy cannot reasonably be questioned.” Khoja v. Orexigen Therapeutics, Inc., 899 F.3d 988, 999 (9th Cir. 2018) (quoting Fed. R. Evid. 201(b)(1)–(2)); see also Reyna Pasta Bella, LLC v. Visa USA, Inc., 442 F.3d 741, 746 n.6 (9th Cir. 2006) (explaining that courts “may take judicial notice of court filings and other matters of public record” because such documents are “are readily verifiable and, therefore, the proper subject of judicial notice”). V. DISCUSSION A. Stored Communications Act Claims The SCA, which is Title II of the Electronic Communications Privacy Act (“ECPA”), broadly prohibits providers of electronic communication and remote computing services from “divulg[ing] to any person or entity the contents” of electronically stored communications, records, and other information. 18 U.S.C. § 2702(a).[3] However, the SCA provides numerous exceptions to this prohibition. Section 2702(b) outlines eight circumstances under which a provider “may divulge the contents of a communication” and § 2702(c) describes seven circumstances under which a provider may divulge non-content information—that is, any “record or other information pertaining to a subscriber to or customer of such service.” Id. § 2702(b), (c). As relevant here, under § 2702(b)(6) and (c)(5), a provider may disclose customers' communications or records “to [NCMEC], in connection with a report submitted thereto under section 2258A.” Id. § 2702(b)(6), (c)(5). Additionally, § 2702(b) and (c) permit the disclosure of customers' communications or records “with the lawful consent of the originator” or “as may be necessarily incident to the rendition of the service or to the protection of the rights or property of the provider of that service.” Id. § 2702(b)(3), (b)(5), (c)(2), (c)(3). Rosenow asserts his second and third causes of action against Defendants, respectively, for violations of the SCA. Rosenow alleges that Yahoo and Facebook “voluntarily, unlawfully[,] and knowingly accessed and divulged” his communications and personal identifying information to government agencies in violation of 18 U.S.C. § 2702 (“§ 2702”). (SAC ¶¶ 383–90, 416–21.)[4] Yahoo and Facebook contend that their disclosures were lawful under the SCA's exceptions for: (1) reports to NCMEC, (2) user consent, and (3) protection of the provider's rights. 1. Application of the Exceptions in General *9 Rosenow contends that Defendants cannot rely on the exceptions under § 2702(b) and (c) because they are merely “general exceptions,” whereas more specific provisions govern how government entities may obtain information and content from electronic service providers (“ESPs”) through legal processes. (ECF No. 94 at 14–15.) Rosenow contends that these specific provisions (18 U.S.C. §§ 2703; 2016; 2517; 2702(b)(6), (b)(7), (b)(8), (c)(3); 2511(3)(b)(iv)) reflect Congress's deliberate intent to regulate such disclosures explicitly, making the general exceptions (§§ 2702(b)(3), (b)(5), (b)(6), (c)(2), (c)(3), (c)(5); 2258A(a)) inapplicable in this context. Id. Rosenow correctly observes that courts frequently apply a canon of statutory interpretation in which “the specific governs the general” when interpreting statutes such as the SCA. RadLAX Gateway Hotel, LLC v. Amalgamated Bank, 566 U.S. 639, 645 (2012) (citations and quotations omitted); see, e.g., ECF No. 94 at 14–15, 19. However, as RadLAX explains, this canon is invoked only when a general provision either contradicts or renders superfluous a specific provision. Id. Here, none of the “general exceptions” identified by Rosenow contradict or nullify the more “specific exceptions.” For example, § 2702(b)(3), which permits disclosure of electronic communications “with the lawful consent of the originator,” does not conflict with or render superfluous exceptions such as § 2702(b)(7), which explicitly permits disclosure to law enforcement agencies when a service provider inadvertently obtains a communication that appears to pertain to a crime. The mere fact that a disclosure might fall under multiple exceptions does not create a conflict or redundancy. An ESP may disclose information to law enforcement agencies both because it has the user's consent and because the communication was inadvertently obtained and appears to relate to criminal activity—regardless of whether the user consented. Each exception serves a distinct function within the statutory framework. In Meta Platforms, Inc. v. District of Columbia, the District of Columbia Court of Appeals considered whether § 2703—which permits government actors to compel the disclosure of the contents of wire or electronic communications “only pursuant to a warrant”—precluded the government from relying on the exceptions outlined in § 2702(b). 301 A.3d 740, 749 (D.C. Cir. 2023). The court concluded that “Congress provided the government with an additional tool to compel disclosures that no private party has; it did not erect an obstacle to disadvantage the government from compelling information that a private party could obtain.” Id. at 750. Accordingly, “when a § 2702(b) exception applies to lift the bar on disclosure, it would make no sense if the government's additional grant of authority [(§ 2703)] could be weaponized against it.” Id. The Court finds that this reasoning is persuasive and provides additional support that Congress did not intend for the principle that the “specific governs the general” to prevent ESPs from relying on the exceptions found in § 2702(b) and (c) when disclosing information to governmental agencies. Accordingly, Rosenow's contention lacks merit, and the Court will consider whether Defendants' actions fall within the exceptions to the SCA defined by § 2702(b)(3), (b)(5), (b)(6), (c)(2), (c)(3), (c)(5). 2. Reports to NCMEC Section 2702(b) and (c) provide an exception for disclosures of communications and customer records to NCMEC, “in connection with a report submitted thereto under section 2258A.” 18 U.S.C. § 2702(b)(6), (c)(5). *10 18 U.S.C. § 2258A “requires ESPs to report ‘any facts or circumstances from which there is an apparent violation of' specified criminal offenses involving child pornography.” United States v. Rosenow, 50 F.4th 715, 725 (9th Cir. 2022) (emphasis added) (quoting 18 U.S.C. § 2258A(a)(1)–(2)). Section 2258A states that a provider that “obtains actual knowledge of any facts or circumstances” from which there is “an apparent violation” of a federal child sexual exploitation law “that involves child pornography” shall: (A) provide to the CyberTipline of the National Center for Missing and Exploited Children, or any successor to the CyberTipline operated by such center, the mailing address, telephone number, facsimile number, electronic mail address of, and individual point of contact for, such electronic communication service provider or remote computing service provider; and (B) make a report of such facts or circumstances to the CyberTipline, or any successor to the CyberTipline operated by such center. 18 U.S.C. § 2258A(a)(1)(A)–(B), (a)(2) (2008).[5] The report “may include the following information”: (1) Information about the involved individual.-- Information relating to the identity of any individual who appears to have violated a Federal law described in subsection (a)(2), which may, to the extent reasonably practicable, include the electronic mail address, Internet Protocol address, uniform resource locator, or any other identifying information, including self-reported identifying information. (2) Historical reference.--Information relating to when and how a customer or subscriber of an electronic communication service or a remote computing service uploaded, transmitted, or received apparent child pornography or when and how apparent child pornography was reported to, or discovered by the electronic communication service provider or remote computing service provider, including a date and time stamp and time zone. (3) Geographic location information.-- (A) In general.--Information relating to the geographic location of the involved individual or website, which may include the Internet Protocol address or verified billing address, or, if not reasonably available, at least 1 form of geographic identifying information, including area code or zip code. (B) Inclusion.--The information described in subparagraph (A) may also include any geographic information provided to the electronic communication service or remote computing service by the customer or subscriber. (4) Images of apparent child pornography.--Any image of apparent child pornography relating to the incident such report is regarding. (5) Complete communication.--The complete communication containing any image of apparent child pornography, including-- (A) any data or information regarding the transmission of the communication; and (B) any images, data, or other digital files contained in, or attached to, the communication. Id. § 2258A(b). After NCMEC reviews any report, it is required to provide the report to federal or state law enforcement. Id. § 2258A(c). Rosenow contends that Defendants exceeded their authority under 18 U.S.C. § 2258A by reporting his communications to NCMEC, asserting that the statute limits such reports to communications containing images of child pornography. (ECF No. 94 at 19.) Because his communications did not contain or involve child pornography, he contends that Defendants' disclosures fell outside the statute's scope. Id. at 19–20. *11 The Court has considered these same allegations on several occasions, including in Rosenow's criminal case.[6] After substantial briefing and an evidentiary hearing in the criminal case, the Court determined that, “[t]he record shows that Yahoo and Facebook reported information to NCMEC pursuant to applicable law based upon facts and circumstances supporting an apparent violation of child pornography laws.” United States v. Rosenow, 3:17-cr-03430-WQH, ECF No. 87 at 23. Rosenow's conviction in the criminal case was affirmed on appeal, and the Supreme Court denied his petition for certiorari. This civil action would require this Court to reconsider its Order on Rosenow's Motion to Suppress Evidence in his criminal case and would “necessarily require [Rosenow] to prove the unlawfulness of his conviction or confinement.” Heck v. Humphrey, 512 U.S. 477, 487 (1994). A civil tort action is “not [an] appropriate vehicle[ ] for challenging the validity of outstanding criminal judgments ....” Id. Rosenow's contention that Heck “cannot apply to any civil suit” “[u]ntil the final decision in his habeas corpus petition is issued,” (ECF No. 94 at 42), is without merit. “[I]t is well-settled that ‘the preclusive effects of a lower court judgment simply cannot be suspended by taking an appeal that remains undecided.’ ” SEC v. Mogler, No. CV-15-01814-PHX-SPL, 2020 WL 1065865, at *4 (D. Ariz. Mar. 5, 2020) (quoting Hawkins v. Risley, 984 F.2d 321, 324 (9th Cir. 1993)) (citations omitted). In any event, after briefing concluded, the Ninth Circuit denied Rosenow's request for a certificate of appealability as to this Court's denial of Rosenow's Habeas Petition. As to Rosenow's allegations and contentions that Defendants' disclosures were unlawful because his accounts did not contain photographs of or involve child pornography, the Ninth Circuit addressed this same issue when considering whether there was probable cause for a search warrant issued in the criminal case. The Ninth Circuit considered Rosenow's argument that the government lacked probable cause because the government's search warrant “did not include any images of child pornography or any reasonable factual descriptions of such images.” Rosenow, 50 F.4th at 738. On this issue, the Ninth Circuit explained as follows: *12 [T]he government's affidavit included excerpts from Rosenow's messages with adolescent girls in the Philippines, demonstrating that he took and kept illicit pictures and videos of his sex tourism. For example, in one of Rosenow's Facebook chats, he sends a girl nude photos he had previously taken of her and states, “I am always looking at your pictures on my phone ... and I want more.” In another chat, he negotiates sex acts with a girl and states, “baby, I want to take a video too.” The affidavit also described Yahoo's internal investigation and the resulting findings that Rosenow was negotiating, purchasing, and producing images and videos of child sexual exploitation, as well as the information that Facebook reported to NCMEC after searching Rosenow's accounts. These descriptions include an account of Rosenow's communications with girls in the Philippines, wherein Rosenow describes in graphic detail the sexual activities that he wanted to do with them and confirms that he wanted to record those activities. ... Thus, we conclude, as did the district court, that the affidavit supporting the search warrant established a “fair probability” that child pornography would be found on Rosenow's electronic devices. Id. at 738–39. In the Court's prior Order, the Court elaborated on the information contained within the CyberTipline Reports—the same Reports that are again before the Court: In the December 2, 2015, CyberTipline Report, Yahoo provided NCMEC with the contents of Rosenow's messages in which Rosenow appeared to be making arrangements to pay young girls ages eight to sixteen in the Phillippines for sex. (See generally, USA v. Rosenow, 3:17-cr-03430-WQH, Ex. 8, ECF No. 49-8). In the Yahoo messages, Rosenow requested pictures of the young girls. (See id. at 10 (“do you have pics”); Id. at 12 (“if you can send pic or show me before I can pick”); Id. at 13 (“can I see them now;” “can I see the girls first here in [Yahoo Messenger]”)). In the April 28, 2017, CyberTipline Report, Facebook provided NCMEC with the contents of Rosenow's messages in which Rosenow appeared to be making arrangements to pay young girls in the Philippines for sex. (See generally, Ex. 5, Declaration of Christin J. Hill in Support of Facebook's Motion to Dismiss, ECF No. 7-3). The messages contained three images Rosenow described in the message as “naked pic[s].” (Id. at 79). (ECF No. 15 at 12.) Based upon the contents of the CyberTipline Reports and Ninth Circuit precedent, the Court finds that Defendants obtained knowledge of facts or circumstances indicating “apparent” violations by Rosenow of the federal child sexual exploitation laws involving child pornography and were therefore required to disclose his communications under § 2258A and are exempted from SCA liability under § 2702(b)(6) and (c)(5). 18 U.S.C. §§ 2258A(a); 2702(b)(6), (c)(5). Rosenow's contentions that Defendants' disclosures pursuant to § 2258A were unlawful because the disclosures involved sex tourism and did not involve child pornography are without merit, as § 2258A specifically applies to “apparent violations” that “involve[ ] child pornography” and does not necessarily require evidence of a clear violation. Rosenow also appears to contend that the First Amendment negates the exceptions under § 2702(b) and (c) for reports to NCMEC because “unlike child pornography, nude photos of children receive First Amendment protection” and that to “qualify as any crime related to child-pornography ... messages without images must ‘actually depict’ ” “ ‘the sex act rather than merely the suggestion that it is occurring.’ ” (ECF No. 94 at 21 (first citing New York v. Ferber, 458 U.S. 747, 764–65 (1982); then quoting United States v. Williams, 553 U.S. 285, 297 (2008)).) *13 Rosenow's contention that his messages were protected under the First Amendment is immaterial, because the SCA permits disclosure of any communication—regardless of whether it is constitutionally protected speech—so long as the disclosure falls within a statutory exception. To find otherwise would render the exceptions to the SCA meaningless, as nearly all speech is constitutionally protected. See United States v. Alvarez, 617 F.3d 1198, 1205 (9th Cir. 2010) (stating that the Constitution “presumptively protect[s] all speech against government interference”), aff'd, 567 U.S. 709 (2012). Accordingly, the Court finds that Yahoo's and Facebook's disclosures to NCMEC were lawful under § 2702(b)(6) and (c)(5). 3. User's Consent The SCA allows an ESP to “divulge the contents of a communication” or “record” “with the lawful consent of the originator or an addressee or intended recipient of such communication” or “record.” 18 U.S.C. § 2702(b)(3), (c)(2). The SCA does not define “lawful consent” or describe how it may be established. In re JSC Com. Bank Privatbank, No. 21-mc-80216-VKD, 2021 WL 4355334, at *5 (N.D. Cal. Sept. 24, 2021). Rosenow alleges that Yahoo “did not explicitly notify” him of, and he did not consent to, ECIT's “repeated[ ] disclos[ures] [of] his personal information and private communication[s] to law enforcement agencies” and NCMEC. (SAC ¶¶ 46–47.) Rosenow alleges that he “never consented to [Facebook's] search of his accounts or to the disclosure of his private communications for law enforcement purposes.” Id. ¶ 303. Yahoo and Facebook contend that Rosenow consented to their disclosures by agreeing to their respective privacy policies. Rosenow contends that Defendants cannot invoke the consent exception because he never consented to their disclosures to government entities. (ECF No. 94 at 22.) Relying on contracts principles, Rosenow contends that Defendants bear the burden of proving he consented to their disclosures and that neither has met this burden. Id. at 23 (citing Stover v. Experian Holdings, Inc., 978 F.3d 1082 (9th Cir. 2020)). As to Yahoo, in assessing whether its searches involved sufficient government participation to trigger Fourth Amendment protections, the Ninth Circuit concluded that “Yahoo's conduct was permissible ... [as] Yahoo had a contractual right under the terms of its privacy policy, to which Rosenow agreed, ‘to investigate, prevent, or take action regarding illegal activities’ or ‘violations of Yahoo's terms of use.’ ” Rosenow, 50 F.4th at 732 (emphasis added). Rosenow is thus collaterally estopped from relitigating this issue. Accordingly, Yahoo's disclosures were lawful under the SCA's consent exception. As to Facebook, Rosenow's allegations create ambiguity concerning whether he opened his Facebook account in the United States—in which case the “2010 SRR would be the only terms [he] agreed to,” (SAC ¶¶ 230–31)—or in Germany, where “a complete separate policy would govern [his] relationship [with] [ ] [ ] Facebook,” id. ¶ 234. The Court takes judicial notice of Facebook's 2010 SRR (ECF No. 91-2) which is incorporated by reference into the SAC. (See SAC ¶ 231 (“Facebook's April 2010 SRR would be the only terms Plaintiff agreed to if he opened his account in the USA.”).) The 2010 SRR states that “[c]ertain specific terms [ ] apply only for German users.” (ECF No. 91-2 at 4.) The Court takes judicial notice of these German-specific terms (ECF Nos. 99-2 & 99-4), which Rosenow characterized as a “complete separate policy” in the SAC. (SAC ¶ 234.) The Court finds that the German-specific terms modify the 2010 SRR but do not pertain to the issue of whether Rosenow consented to Facebook's disclosures.[7] Therefore, the Court considers only Facebook's 2010 SRR in its analysis. *14 Despite Rosenow's allegation that “[t]he 2010 SRR does not incorporate the Privacy or Data Policy,” (SAC ¶ 233), this Court finds that Facebook's 2010 SRR incorporates its Privacy Policy, published in April of 2010. (Compare ECF No. 91-2 (encouraging users to review its Privacy Policy in at least three instances), with Calhoun v. Google LLC, 526 F. Supp. 3d 605, 621 (N.D. Cal. 2021) (finding that Google's Terms of Service did not incorporate its Privacy Policy where it explicitly stated “[a]lthough [the Privacy Policy] is not a part of these terms, we encourage you to read it ....”).) Accordingly, the Court finds that Rosenow consented to the terms of Facebook's 2010 Privacy Policy, which contains the following language: We may also share information when we have a good faith belief it is necessary to prevent fraud or other illegal activity, to prevent imminent bodily harm, or to protect ourselves and you from people violating our Statement of Rights and Responsibilities. This may include sharing information with other companies, lawyers, courts or other government entities. (ECF No. 91-3 at 6; see also Rosenow, 50 F.4th at 724 (“Facebook's privacy policy likewise stated that it has the right to ‘access, preserve and share information when [it] ha[s] a good faith belief it is necessary to: detect, prevent and address fraud and other illegal activity.’ ” (alterations in original) (citing to Facebook's 2016 Data Policy)).) Courts have held that, “exceptions to the SCA are to be construed narrowly.” Suraju v. Yahoo!, Inc., No. 22-mc-80072-SK, 2022 WL 3365086, at *4 (N.D. Cal. July 13, 2022) (citing Suzlon Energy Ltd. v. Microsoft Corp., 671 F.3d 726, 730 (9th Cir. 2011)), appeal dismissed, No. 22-16231, 2022 WL 18671555 (9th Cir. Dec. 14, 2022). Moreover, the burden of proving consent falls on the party seeking to invoke the exception. Calhoun, 526 F. Supp. 3d at 620 (citing Matera v. Google Inc., No. 15-CV-04062-LHK, 2016 WL 5339806, at *17 (N.D. Cal. Sept. 23, 2016)). Consent may be explicit or implied, but it must be actual. In re Google, Inc., No. 13–MD–02430–LHK, 2013 WL 5423918, at *12 (N.D. Cal. Sept. 26, 2013). For consent to be actual, the disclosures must “explicitly notify” users of the specific practice at issue. Id. at *13; see also Campbell v. Facebook, Inc., 77 F. Supp. 3d 836, 847–48 (N.D. Cal. 2014) (holding that, for consent to be valid, disclosures must inform users of the “specific practice” being challenged). The disclosures must also be unambiguous. In re Facebook, Inc., Consumer Priv. User Profile Litig., 402 F. Supp. 3d 767, 794 (N.D. Cal. 2019) [hereinafter “Facebook Consumer Profile”]. “[I]f a reasonable ... user could have plausibly interpreted the contract language as not disclosing that [the defendant] would engage in particular conduct” then the defendant cannot rely on the user's consent to except its conduct. Id. at 789–90. Here, Facebook's Privacy Policy is not “reasonably susceptible to more than one interpretation.” Id. at 789. The policy explicitly states that Facebook may “share [users'] information” with “government entities” “when [it] ha[s] a good faith belief it is necessary to prevent ... illegal activity.” (ECF No. 91-3 at 6.) Unlike cases where courts have determined that a company's policy was too “general” or too “vague” to establish consent for a particular disclosure, Facebook's language here is clear and unequivocal. Cf. In re Google Assistant Priv. Litig., 457 F. Supp. 3d 797, 823 (N.D. Cal. 2020) (finding that a reasonable user could not be expected to connect two separate sections of a privacy policy to anticipate the Defendant's use of their data); Campbell, 77 F. Supp. 3d at 847 (finding that the disclosure that Facebook “ ‘may use the information we received about you’ ” for “ ‘data analysis’ ” was “not specific enough to establish that users expressly consented to the scanning of the content of their messages ... for alleged used in targeted advertising”); Facebook Consumer Profile, 402 F. Supp. 3d at 792. In Rosenow's criminal case, this Court found that: *15 After reading the data and privacy policies of Yahoo and Facebook, it is hard to imagine a scenario where any individual, including an educated one like Defendant, could possibly have a subjective expectation of privacy in his communications on those online platforms, especially where his conduct flagrantly violated the terms of use. United States v. Rosenow, 3:17-cr-03430-WQH, ECF No. 49 at 31. Accordingly, Defendants have satisfied their burden and shown that Rosenow “actually” consented to their disclosures. The Court finds Yahoo's and Facebook's disclosures to governmental entities were permitted under § 2702(b)(3), (c)(2). 4. To Protect the Rights of the Provider Section 2702(b)(5) and (c)(3) govern the disclosure of customer communications and records “as may may be necessarily incident to the rendition of the service or to the protection of the rights or property of the provider of that service.” 18 U.S.C. § 2702(b)(5), (c)(3). Yahoo and Facebook additionally contend that their disclosures were permitted under § 2702(b)(5) and (c)(3) because they were made to protect their rights and property. Although Rosenow contends that Defendants cannot invoke § 2702(b)(5) and (c)(3) because it is a “general” and not “specific” exception, the Court has already rejected this contention. Rosenow does not otherwise oppose Defendants' contentions that their disclosures were exempt from SCA liability to protect their rights and property. (See generally ECF No. 94.) Additionally, the Ninth Circuit has already determined that Defendants had “legitimate business reasons for purging child pornography and exploitation from their platforms, and they acted in furtherance of those reasons when they investigated Rosenow.” Rosenow, 50 F.4th at 733. This finding supports the conclusion that Defendants' actions align with the SCA exceptions under § 2702(b)(5) and (c)(3). The terms “rights” and “property” are not “intended to ... permit a provider to contract with an unauthorized party an obligation to divulge all stored messages, without notice to or any consent from the originator of the message, and then to claim that such divulgence is to protect the rights in such a contract” but rather are intended to refer to interests such as “intellectual property rights” and “the right to be free from the theft of services.” H.R. Rep. No. 99-647, at 67 (1986). Here, Yahoo and Facebook disclosed Rosenow's communications and records to remove his unlawful activity from their platforms and protect their business interests. Such disclosures are analogous to the rights Congress specified that the exception intended to protect. Therefore, the Court finds that, based upon the allegations of the SAC and the judicially noticed materials, the Defendants' actions fall under § 2702(b)(5) and (c)(3), as they disclosed the results of their investigations to protect their rights and purge Rosenow's unlawful activity from their platforms. 5. Conclusion The Court finds that Defendants' disclosures to NCMEC were lawful pursuant to § 2702(b)(6) and (c)(5) which provide for disclosures of customer communications and records “to [NCMEC], in connection with a report submitted thereto under section 2258A.” 18 U.S.C. § 2702(b)(6), (c)(5). Additionally, and in the alternative, the Court finds that Defendants' disclosures to all government entities were lawful because Rosenow had consented to the disclosures and because the disclosures were necessary to protect Defendants' rights. Id. § 2702(b)(3), (b)(5), (c)(2), (c)(3). Accordingly, Defendants' Motions to Dismiss the SAC's second and third causes of action are granted. B. Wiretap Act Claim *16 Rosenow brings a cause of action against Yahoo for violations of the Wiretap Act, Title I of the federal ECPA. Rosenow alleges that Yahoo intercepted his private communications and unlawfully divulged the content of these messages in violation of 18 U.S.C. § 2511 (“§ 2511”). The Wiretap Act makes it unlawful to “intentionally intercept[ ] ... any wire, oral, or electronic communication” or to “use[ ]” or “disclose[ ]” the contents of any intentionally intercepted communication. 18 U.S.C. § 2511(1). The Wiretap Act defines “intercept” as “the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.” 18 U.S.C. § 2510(4). Yahoo contends that Rosenow's allegations regarding its alleged interception of his communications are too conclusory to support a claim under the Wiretap Act. (See ECF No. 90-1 at 19–21.) In the alternative, Yahoo contends that its alleged disclosures fall under the Wiretap Act's exceptions for (1) disclosures to which a user has consented (18 U.S.C. § 2511(2)(d), (3)(b)(ii)) and (2) disclosures made to protect the rights of the provider (18 U.S.C. § 2511(2)(a)(i), (3)(b)(i)). Id. at 21–25. Rosenow contends that the SAC alleges sufficient facts to support a plausible inference that Yahoo violated the Wiretap Act. (ECF No. 94 at 35 (citing Iqbal, 556 U.S. at 682).) Rosenow contends that Yahoo cannot invoke § 2511(2)(d) because he did not consent to the alleged interception of his communications. Id. at 31–34. Rosenow further contends that Yahoo cannot invoke § 2511(2)(a)(i) because § 2511(2)(a)(i) applies only when an ESP's interception is incidental to or facilitates the provision of its electronic communication services. Id. at 17 (citing In re Google, Inc., 2013 WL 5423918, at *11).[8] 1. Insufficient Allegations of an Interception The Ninth Circuit has explained that a “narrow definition of ‘intercept’ applies to electronic communications.” Konop v. Hawaiian Airlines, Inc., 302 F.3d 868, 878 (9th Cir. 2002). For a communication “to be ‘intercepted’ in violation of the Wiretap Act, it must be acquired during transmission, not while it is in electronic storage.” Konop, 302 F.3d at 878; see also In re Vizio, Inc., Consumer Priv. Litig., 238 F. Supp. 3d 1204, 1226 (C.D. Cal. 2017) (“In so holding, Konop strove to distinguish between information acquired contemporaneously to its transmission and information that resides in electronic storage. ... Access to information maintained in electronic storage is governed by the Stored Communications Act, while the Wiretap Act regulates access to information acquired contemporaneously to its transmission.”). “[A]cquisition occurs ‘when the contents of a [ ] communication are captured or redirected in any way.’ ” Noel v. Hall, 568 F.3d 743, 749 (9th Cir. 2009) (quoting United States v. Rodriguez, 968 F.2d 130, 136 (2d Cir. 1992)). Once “received by the destination server, a communication becomes ‘stored’ and contemporaneous interception is no longer possible.” In re Carrier IQ, Inc., 78 F. Supp. 3d 1051, 1077–78 (N.D. Cal. 2015) (citing NovelPoster v. Javitch Canfield Grp., 140 F. Supp. 3d 938, 951–52 (N.D. Cal. 2014)). *17 Rosenow alleges that Yahoo's ECIT adopted an “automated scanning tool” originally “used by [Yahoo's] ‘Content Moderation team’ ” “to intercept, redirect and scan users' incoming and outgoing emails and text messages during transit and then store[ ] them for future use.” (SAC ¶¶ 36–37.) Rosenow alleges that the tool enabled “ECIT to read the last line of chat messages to get the ‘gist’ of the communication.” Id. ¶ 36; see also id. ¶ 38. Rosenow alleges that Yahoo disclosed the information it learned from these interceptions in reports to federal agents. See, e.g., id. ¶¶ 98, 105, 129, 184–85. To support his allegation that the tool used by ECIT actually intercepted his communications while in transit, Rosenow alleges that a “Compliance Guide for Law Enforcement” created by Yahoo “[i]nforms [l]aw [e]nforcement that Yahoo ‘does not store content for the downloadable Messenger client’ or ‘archive the content or communications for the downloadable messenger client.’ ” Id. ¶¶ 27–28. Rosenow also alleges that Zadig “testified under oath that Yahoo [ ] does not store any images and videos shared on the messenger Platform.” Id. ¶ 33. But somehow, “Yahoo [ ] nevertheless reported images and messages from their messenger platform.” Id. ¶ 97 n.4; see also id. ¶ 105. Rosenow alleges that, therefore, “the only way that ECIT could have obtained the reported images was by intercepting the images and videos, while in transit, as part of their Philippines Webcam Investigation.” Id. ¶ 109. Rosenow makes a number of additional conclusory allegations that ECIT utilized this tool to “intercept[ ] [a] targeted person's private messages while in transit.” Id. ¶ 44; see also id. ¶¶ 36, 45, 90, 109. Courts have held that given the speed of internet communications, “ ‘interception of [such communications] within the prohibition of the Wiretap Act is virtually impossible.’ ” NovelPoster, 140 F. Supp. 3d at 951–52 (quoting United States v. Steiger, 318 F.3d 1039, 1050 (11th Cir. 2003)); see also Martin v. Sephora USA, Inc., No. 1:22-cv-01355-JLT-SAB, 2023 WL 2717636, at *10 (E.D. Cal. Mar. 30, 2023) (considering the argument that “because internet communications travel so quickly, there is only an incredibly narrow window during which an interception could occur; moreover, such transmissions may generally be improperly accessed either on the originating or receiving end, but are not typically intercepted during transmission”). Rosenow alleges that the “Law Enforcement Guide” states that Yahoo does not store any content for the downloadable Messenger client and that Zadig testified that Yahoo does not “store any images.” Yahoo asks the Court not to credit the Law Enforcement Guide, contending that it is unauthenticated and undated and because it “provides that Messenger communications may be stored and that its policies are subject to change without notice.” (ECF No. 98 at 5.) Yahoo also contends that Rosenow's allegations regarding Zadig's testimony are irrelevant because he does not allege that Yahoo did not store “the text content of message chats,” only that Yahoo did not “store any images.” Id. Even accepting Rosenow's allegations as true, the Court finds that any implications intended by them are contradicted by Rosenow's own allegation that Yahoo used the same tool he alleges was used to intercept his messages to “pull[ ] [Rosenow's] full chat history on the Yahoo USA Messenger.” (SAC ¶ 184; see also ECF No. 94 at 36 (referring to the fact that Yahoo used the tool to “pull Plaintiff's entire chats” and asserting that therefore he has plausibly alleged that ECIT used the tool to intercept users' communications).) As discussed above, once a communication has reached its destination server, its interception is no longer possible. In re Carrier IQ, Inc., 78 F. Supp. 3d at 1077–78 (citing NovelPoster, 140 F. Supp. 3d at 951–52). Therefore, an interception of Rosenow's communications would require that Yahoo acquired the communication before it reached whoever Rosenow was communicating with. If, as Rosenow alleges, Yahoo “pulled his full chat history,” (SAC ¶ 184), then his chat history must have been stored somewhere. Any implications Rosenow intended to suggest by referencing the Law Enforcement Guide and Zadig's testimony are thereby contradicted by Rosenow's own allegations in the SAC that Yahoo “pulled his full chat history.” Id. Rosenow's remaining allegations are too conclusory to support an inference that Yahoo “captured or redirected” the contents of Rosenow's communications while in transit. Noel, 568 F.3d at 749; see, e.g., In re Vizio, 238 F. Supp. 3d at 1227–28 (“Besides their conclusory allegation that Vizio intercepted their electronic communications ‘during transmission’ ..., Plaintiffs rely on a rather inscrutable graphic with no textual explanation ... and vague allegations about how Vizio's data collection occurs ‘in real time.’ ”); Martin, 2023 WL 2717636, at *10 (same, collecting cases). Therefore, the Court finds that Rosenow has failed to allege a Wiretap Act claim against Yahoo. 2. User's Consent *18 In the alternative, Yahoo contends that the Wiretap Act claim should be dismissed on the ground that Yahoo obtained express consent for any alleged interception of Rosenow's communications when Rosenow agreed to Yahoo's Additional Terms of Service (“ATOS”). (See ECF No. 90 at 17.) Like the SCA, the Wiretap Act includes an exception for interceptions and disclosures made with a user's consent. See 18 U.S.C. § 2511(2)(d) (excepting from liability interceptions where “one of the parties to the communication has given prior consent”), (3)(b)(ii) (permitting disclosure of the contents of a communication “with the lawful consent of the originator”). The Court takes judicial notice of Yahoo's ATOS and the record produced by the YAMT because they are “incorporated by reference in the complaint.” Ritchie, 342 F.3d at 907; see, e.g., SAC ¶¶ 16 n.3, 18–20.)[9] Rosenow's complete YAMT record explicitly shows that Rosenow agreed to the ATOS on July 5, 2011. (See ECF No. 90-5 at 6.) The 2011 ATOS states in relevant part: Please note that your Yahoo! Messenger account is tied to your Yahoo! Mail account. Therefore, your use of Yahoo! Messenger and all Yahoo! Messenger services will be subject to the TOS and laws applicable to the Applicable Yahoo! Company in Section 10. By using the Services, you consent to allow Yahoo!'s automated systems to scan and analyze all incoming and outgoing communications content sent and received from your account (such as Mail and Messenger content including instant messages and SMS messages) including those stored in your account to, without limitation, provide personally relevant product features and content, to match and serve targeted advertising and for spam and malware detection and abuse protection. Unless expressly stated otherwise, you will not be allowed to opt out of this feature. If you consent to this ATOS and communicate with non-Yahoo! users using the Services, you are responsible for notifying those users about this feature. (ECF No. 90-4 at 6 (emphasis added).) The ATOS explicitly states that Yahoo will scan and analyze all incoming and outgoing communications content for several reasons, including “abuse protection,” and that Yahoo Messenger clients will be subject to the TOS. Thus, to the extent that Yahoo intercepted Rosenow's communications, the interception was permitted under § 2511(2)(d), (3)(b)(ii), as Rosenow consented to such interceptions when he agreed to the ATOS. 3. To Protect the Rights of the Provider *19 Lastly, Yahoo contends that any alleged interception was necessary to protect its rights and thus permitted under § 2511(2)(a)(i). The Wiretap Act provides that: It shall not be unlawful under this chapter for an ... officer, employee, or agent of a provider of wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks. 18 U.S.C. § 2511(2)(a)(i) (emphasis added). Rosenow cites to In re Google, Inc., 2013 WL 5423918, to contend that Yahoo cannot invoke § 2511(2)(a)(i) to make its actions lawful under the Wiretap Act. Rosenow is correct in asserting that In re Google, Inc. states that 18 U.S.C. § 2510(5)(a)(ii), which is an exception to the Wiretap Act for actions taken by a provider in the “ordinary course of business,” “is narrow and designed only to protect electronic communication service providers against a finding of liability under the Wiretap Act where the interception facilitated or was incidental to provision of the electronic communication service at issue.” 2013 WL 5423918, at *11. However, the Court finds this analysis is not relevant to Yahoo's contention regarding § 2511(2)(a)(i), which is an entirely different exception under the Wiretap Act allowing ESPs to intercept communications to protect their rights. In re Google, Inc. discusses § 2511(2)(a)(i) only to provide evidence that 18 U.S.C. § 2510(5)(a)(ii) was not intended to be read broadly. 2013 WL 5423918, at *9 (stating that § 2511(2)(a)(i) “would be superfluous if the ordinary course of business exception were as broad as Google suggests”). In its analysis of Rosenow's SCA claims, the Court found that, based upon the allegations of the SAC and the judicially noticed materials, Yahoo acted to protect its rights and purge Rosenow's activity from its platform. Thus, to the extent that Rosenow alleges an interception, the Court finds that the interception was permitted under § 2511(2)(a)(i) for the same reasons. Accordingly, Rosenow fails to adequately state a claim under the Wiretap Act against Yahoo. Yahoo's Motion to Dismiss Rosenow's first cause of action is granted, leaving no federal claims remaining against Defendants.[10] C. State Law Claims *20 Rosenow's claims for negligence arise under California state law. The federal supplemental jurisdiction statute provides: [I]n any civil action of which the district courts have original jurisdiction, the district courts shall have supplemental jurisdiction over all other claims that are so related to claims in the action within such original jurisdiction that they form part of the same case or controversy under Article III of the United States Constitution. 28 U.S.C. § 1367(a). “The district courts may decline to exercise supplemental jurisdiction” for a number of reasons, including if “the district court has dismissed all claims over which it has original jurisdiction[.]” Id. § 1367(c)(3). “While discretion to decline to exercise supplemental jurisdiction over state law claims is triggered by the presence of one of the conditions in § 1367(c), it is informed by the [United Mine Workers of America v.] Gibbs[,] [383 U.S. 715 (1966),] values of economy, convenience, fairness, and comity.” Acri v. Varian Assocs., 114 F.3d 999, 1001 (9th Cir. 1997) (quotation omitted). “ ‘[I]n the usual case in which federal-law claims are eliminated before trial, the balance of factors ... will point toward declining to exercise jurisdiction over the remaining state law claims.’ ” Schneider v. TRW, Inc., 938 F.2d 986, 993 (9th Cir. 1991) (quoting Carnegie-Mellon Univ. v. Cohill, 484 U.S. 343, 350 n.7 (1970)). Rosenow's federal claims have been dismissed. The Court declines to exercise supplemental jurisdiction over Rosenow's state law claims. Defendants' Motions to Dismiss are granted.[11] Rosenow's SAC is dismissed without prejudice. D. Leave to Amend “A district court ... may in its discretion deny leave to amend due to ... repeated failure to cure deficiencies by amendments previously allowed ... [or] futility of amendment.” Zucco Partners, LLC v. Digimarc Corp., 552 F.3d 981, 1007 (9th Cir. 2009) (internal quotation marks omitted)); see also Finley v. Williams, No. 2:21-CV-06277-RGK-PD, 2022 WL 2036309, at *3 (C.D. Cal. Jan. 24, 2022) (denying Plaintiff's motion to amend the complaint for her “repeated failure to cure deficiencies”); Schmier v. U.S. Ct. Appeals for Ninth Cir., 279 F.3d 817, 824 (9th Cir. 2002) (recognizing that “[f]utility of amendment” is a proper basis for dismissal without leave to amend); Cantu v. Tapestry, Inc., 697 F. Supp. 3d 989, 992 (S.D. Cal. 2023) (finding that “if the plaintiff has previously amended his complaint, the court's ‘discretion to deny leave to amend is particularly broad’ ”) (quoting Salameh v. Tarsadia Hotel, 726 F.3d 1124, 1133 (9th Cir. 2013)). The Court has provided Rosenow the opportunity to amend his complaint twice to no avail. (See ECF Nos. 15 & 88.) Although Rosenow claims that he “can cure any legal defects identified by the Court by pleading additional facts and doing additional legal research,” (ECF No. 94 at 43), Rosenow still has not shown any legal basis for his claims and has failed to address the deficiencies highlighted by the Court in its prior orders dismissing the Complaint and FAC. See id.; see also Bonin v. Calderon, 59 F.3d 815, 845 (9th Cir. 1995) (“[W]e have held that a district court does not abuse its discretion in denying a motion to amend where the movant presents no new facts but only new theories and provides no satisfactory explanation for his failure to fully develop his contentions originally.”). In its Order dismissing Rosenow's FAC, the Court cautioned that “this will be Rosenow's final grant of leave to amend, absent extraordinary circumstances.” (ECF No. 88 at 27 n.7.) As the record reflects no such circumstances, the Court declines to grant Rosenow leave to amend for a third time. VI. CONCLUSION *21 IT IS HEREBY ORDERED that Defendants' Motions to Dismiss Plaintiff's SAC (ECF Nos. 90, 91) are granted. Plaintiff's SAC is dismissed without prejudice and without leave to amend. The Clerk of the Court is directed to issue judgment and close this case. Footnotes [1] Yahoo Holdings, Inc. was formerly known as Oath Holdings, Inc. and erroneously sued as Yahoo, Inc. [2] The Court refers to Meta Platforms, Inc. by its former name, Facebook. [3] Section 2702(a) provides: (a) Prohibitions.--Except as provided in subsection (b) or (c)-- (1) a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service; and (2) a person or entity providing remote computing service to the public shall not knowingly divulge to any person or entity the contents of any communication which is carried or maintained on that service-- (A) on behalf of, and received by means of electronic transmission from (or created by means of computer processing of communications received by means of electronic transmission from), a subscriber or customer of such service; (B) solely for the purpose of providing storage or computer processing services to such subscriber or customer, if the provider is not authorized to access the contents of any such communications for purposes of providing any services other than storage or computer processing; and (3) a provider of remote computing service or electronic communication service to the public shall not knowingly divulge a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications covered by paragraph (1) or (2)) to any governmental entity. [4] Rosenow also appears to allege that Yahoo violated 18 U.S.C. § 2701 (“§ 2701”) (see, e.g., SAC ¶ 371), which provides a cause of action against anyone who “(1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or (2) intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage.” 18 U.S.C. § 2701(a)(1), (2). However, the statute explicitly exempts “the person or entity providing a wire or electronic communications service” from its scope. Id. § 2701(c)(1). Rosenow's own pleading alleges that Yahoo “operates as an electronic communication service.” (SAC ¶ 361.) Accordingly, the Court dismisses this claim to the extent it is alleged. [5] Rosenow alleges in the SAC that the 2008 version of § 2258A governs in this case. (See SAC Exhibit C at 88.) Defendants do not contest this assertion or suggest that a different version of the statute is applicable. (See ECF No. 91 at 13 n.1 (Facebook similarly citing to the 2008 version of § 2258A).) [6] Yahoo requests the Court take judicial notice of the entire record in Rosenow's criminal case. (ECF No. 90-2 at 2–4.) Facebook requests the Court take judicial notice of specific documents within the record of Rosenow's criminal case. (ECF No. 91-7 at 6 (requesting judicial notice of copies of the April 28, 2017 CyberTipline Report with a generated CT# 20647168, the May 1, 2017 CyberTipline Report with a generated CT# 20711118, and the substantive portion of the subpoena filed by Rosenow in United States v. Rosenow, 3:17-cr-03430-WQH, ECF Nos. 29-13 & 92-2 (S.D. Cal. Mar. 19, 2018)).) Rosenow objects to Yahoo's request to take judicial notice of the entire record in his criminal case because his “§ 2255 [sic] is still pending a decision.” (ECF No. 94 at 11–12.) Additionally, Rosenow objects to the Court taking judicial notice of “the 2014 Yahoo USA Privacy Policy and all related court holdings around this specific Policy.” Id. The Court takes judicial notice of the entire record in Rosenow's criminal case, including the CyberTipline Reports identified by Facebook, as they are court filings that “are readily verifiable.” Reyna Pasta Bella, LLC, 442 F.3d at 746 n.6. The Court notes that court holdings, particularly the holdings of the Ninth Circuit in Rosenow's criminal appeal, are not subject to judicial notice but have preclusive effect, as this Court is bound by the rulings of the Ninth Circuit Court of Appeals. [7] The German-specific terms state: For users resident in Germany: 1. Section 2 applies with the proviso that our use of this content is limited to use on or in connection with Facebook. 2. Section 15.1 is replaced by: This notice is subject to German law. 3. Section 15.3 is replaced by: We are liable exclusively as follows: We are liable without limitation in accordance with the statutory provisions (i) for damages resulting from injury to life, body or health; (ii) in the event of intent; (iii) in the event of gross negligence; and (iv) in accordance with the German Product Liability Act. Without limiting the foregoing, we shall only be liable for slight negligence in the event of a breach of a “material” obligation under this contract. “Material” obligations in this sense are obligations that are necessary for the performance of the contract, the breach of which would jeopardize the achievement of the purpose of the contract, and on whose observance you can therefore regularly rely. In these cases, liability is limited to typical and foreseeable damages; in other cases, there is no liability for slight negligence. 4. Notwithstanding section 13, changes will take effect 30 days after the date on which we notify you of the proposed changes. If you do not wish to accept the changes, you must delete your account and failure to do so will constitute acceptance of the changes. We will specifically draw your attention to this 30-day period and its significance in our email announcing the changes. (ECF No. 94-4.) These terms do not affect the incorporation of the Privacy Policy into the SRR, which occurs in section 1 and is central to the determination of this issue. [8] Rosenow also contends that Yahoo cannot invoke § 2511(2)(a)(i), as it is a general exception to the Wiretap Act and more specific exceptions exist for disclosures to law enforcement, relying on the same “the specific governs the general” principles he relied on to support his SCA claim. The Court rejects this contention for the reasons discussed above. [9] Rosenow contests the Court's judicial notice of the ATOS and the YAMT. Rosenow contends that the YAMT should not be judicially noticed because the SAC does not reference “any AMT tool nor did he know such a tool existed” and that he only made reference “to a document (not a tool) titled Yahoo Account management Tool (YAMT) that was provided to him during discovery in his criminal proceedings.” (ECF No. 94 at 31.) Rosenow contends that the various iterations of ATOS submitted by Yahoo should not be judicially noticed because although he “does not contest the content of the ATOS and uses some of its language in his SAC,” “the declaration [submitting them] lacks critical information.” Id. at 32. “[I]ncorporation by reference is a judicially created doctrine that treats certain documents as though they are part of the complaint itself. The doctrine prevents plaintiffs from selecting only portions of documents that support their claims, while omitting portions of those very documents that weaken—or doom—their claims.” Khoja, 899 F.3d at 1002. The SAC states “[b]ased on information and belief the YAMT has a section on when the account owner agreed to any specific terms. Plaintiff did not agree to any specific terms when he opened or maintained his [ ] account.” (SAC ¶ 20 n.4.) The SAC also quotes directly from Yahoo's ATOS. Id. ¶ 16 n.3. Rosenow's complete YAMT record and the ATOS contradict his allegations that he did not agree to any terms or consent to Yahoo's interceptions. Thus, their incorporation by reference serves to ensure that Rosenow cannot “select[ ] only portions of [the] documents that support [his] claim.” (See ECF No. 90-5 at 6; see also Steckman v. Hart Brewing, Inc., 143 F.3d 1293, 1295–96 (9th Cir. 1998) (finding that a court is “not required to accept as true conclusory allegations which are contradicted by documents referred to in the complaint”).) [10] The SAC's factual allegations suggest that Yahoo also violated 18 U.S.C. § 2252(a)—which, as relevant here, prohibits the distribution of child pornography—by sharing aspects of its investigation directly with federal law enforcement agents, instead of limiting its disclosures to NCMEC. (See, e.g., SAC ¶¶ 8, 41, 52–53, 97, 117, 119, 122–23, 196.) However, Rosenow does not assert a separate claim against Yahoo for this alleged violation. Even if such a claim were implied, Rosenow fails to allege any facts that would support an inference that this criminal statute provides him standing to sue for Yahoo's alleged distribution of child pornography. Accordingly, to the extent that such a claim is alleged, the Court dismisses it. See Zhang v. Twitter Inc., No. 23-cv-00980-JSC, 2023 WL 3919546, at *2 (N.D. Cal. June 8, 2023) (“To the extent Plaintiff also alleges claims under 18 U.S.C. [§] 2252 ... criminal statutes generally do not give rise to a private right of action.” (citing Cent. Bank of Denver, N.A. v. First Interstate Bank of Denver, N.A., 511 U.S. 164, 190 (1994))). [11] The Court need not consider the remainder of the arguments raised in the parties' briefing.