On January 27, 2026, Judge Lee Gabriel of the Orange County Superior Court sustained a demurrer without leave to amend in a California Invasion of Privacy Act (CIPA) lawsuit, clarifying how narrowly the court views the statute governing “pen registers” and “trap and trace” devices.
The court focused on the statutory definitions now codified in California law:
- A “pen register” is a device or process that records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted, excluding content. It does not include tools used in the ordinary course for billing, cost accounting, or similar business purposes.
- A “trap and trace device” captures incoming electronic or other impulses that identify the originating number or other routing information that can reasonably identify the source of a communication, again excluding content.
The court emphasized that the statutory scheme is aimed at a specific category of telephone surveillance tools, not a broad range of internet tracking technologies.
Applying standard rules of statutory interpretation, the court examined legislative history and intent. Key points:
- Legislative materials described the bill as intended to allow state and local law enforcement to seek emergency orders for pen registers and trap and trace devices “used in telephone surveillance,” and to impose a higher evidentiary standard than federal law.
- The statute was enacted in 2015, long after the rise of the internet and widespread online communication. The court reasoned that if the Legislature had wanted the law to cover internet surveillance technologies, it would have said so expressly.
- The court concluded that the legislative purpose is limited: preventing the use of pen registers and trap and trace devices on telephones, not expanding CIPA to cover all manner of modern digital tracking.
Departure from Federal Trial Court Decisions Expanding CIPA
The court expressly engaged with, and ultimately rejected, broader interpretations adopted by some federal district courts:
- In Greenley v. Kochava, Inc. (S.D. Cal. 2023), the district court read CIPA’s definition of “pen register” expansively, emphasizing the broad phrase “device or process.” It reasoned that software used for data “fingerprinting” could qualify as a pen register, focusing on the type of data collected rather than the physical form of the tool.
- Shah v. Fandom, Inc. (N.D. Cal. 2024) followed Greenley and concluded that reading CIPA broadly fit with California’s strong privacy protections and courts’ willingness to apply statutes to new technologies.
This court took a different view:
- It noted that internet communications were not a “new technology” in 2015, so this is not a situation where an old statute must be adapted to unanticipated technologies.
- It cited the California Supreme Court’s recognition, in Flanagan v. Flanagan, that CIPA broadly protects privacy, but distinguished that general privacy purpose from the specific, later-enacted pen register/trap and trace provisions.
- It held that, given the clear legislative history, the statute’s purpose is to regulate telephone-based surveillance tools, not to reach general online tracking software.
In short, the court rejected the reasoning in Greenley and Shah that pushed CIPA’s pen-register provisions into the realm of internet tracking.
Blalock v. EquipmentShare.com Inc, No. 30-2025-01508739-CU-MC-CJC, 2026 WL 330067 (Cal.Super. Jan. 27, 2026).
