25-369 Veksler v. Wipro, LLC

UNITED STATES COURT OF APPEALS FOR THE SECOND CIRCUIT SUMMARY ORDER RULINGS BY SUMMARY ORDER DO NOT HAVE PRECEDENTIAL EFFECT. CITATION TO A SUMMARY ORDER FILED ON OR AFTER JANUARY 1, 2007, IS PERMITTED AND IS GOVERNED BY FEDERAL RULE OF APPELLATE PROCEDURE 32.1 AND THIS COURT’S LOCAL RULE 32.1.1. WHEN CITING A SUMMARY ORDER IN A DOCUMENT FILED WITH THIS COURT, A PARTY MUST CITE EITHER THE FEDERAL APPENDIX OR AN ELECTRONIC DATABASE (WITH THE NOTATION “SUMMARY ORDER”). A PARTY CITING A SUMMARY ORDER MUST SERVE A COPY OF IT ON ANY PARTY NOT REPRESENTED BY COUNSEL.

At a stated term of the United States Court of Appeals for the Second Circuit, held at the Thurgood Marshall United States Courthouse, 40 Foley Square, in the City of New York, on the 19th day of December, two thousand twenty-five.

PRESENT: ROBERT D. SACK, MYRNA PÉREZ, Circuit Judges, VINCENT L. BRICCETTI, District Judge. * ________________________________________ ELVIRA VEKSLER, Plaintiff-Appellant, v. No. 25-369 WIPRO, LLC, Defendant-Appellee. ________________________________________ * Judge Vincent L. Briccetti, of the United States District Court for the Southern District of New York, sitting by designation.

FOR PLAINTIFF-APPELLANT: KENNETH F. MCCALLION, McCallion & Associates, LLP, New York, NY.

FOR DEFENDANT-APPELLEE: JUNG H. PARK, (Ryanne A. Hankla, Andrew L. Margulis, on the brief), Ropers Majeski PC, New York, NY.

Appeal from a judgment of the United States District Court for the Southern District of New York (Oetken, J.).

UPON DUE CONSIDERATION, IT IS HEREBY ORDERED, ADJUDGED, AND DECREED that the judgment of the District Court is AFFIRMED.

Elvira Veksler sued Wipro, LLC under the Electronic Communications Privacy Act (“ECPA”), 18 U.S.C. § 2511(1)(a), the Stored Communications Act (“SCA”), 18 U.S.C. § 2701(a), and the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030(a)(5)(A)– (C). 1 After discovery, the District Court granted Wipro’s motion for summary judgment in its entirety, and this appeal followed. We assume the parties’ familiarity with the underlying facts, the procedural history, and the issues on appeal, which we reference only as necessary to explain our decision to affirm.

I. Background Between July and November of 2021, Veksler worked as a freelance content writer for Wipro using her own personal computer. To facilitate her work, Wipro gave Veksler

Veksler also brought state-law claims that the District Court dismissed without prejudice. We affirm that dismissal as well. a Wipro email ID to access its web-based email service. On February 10, 2022, several months after Veksler finished her work for Wipro, she emailed a Wipro employee, notifying Wipro that she was not able to access her laptop and requesting Wipro’s assistance. After some investigation, Wipro determined that its “security management tool,” JAMF, had been installed on Veksler’s computer. App’x at 402. In addition to JAMF, Veksler claims that another software—CrowdStrike Falcon Sensor (“CrowdStrike”)—was installed on her device. On February 16, Wipro successfully removed JAMF from Veksler’s computer.

Veksler claims that Wipro intentionally installed JAMF and CrowdStrike on her computer without her knowledge or consent in order to access and monitor her data, communications, and other activity. Wipro responds that it did not intend to access Veksler’s computer and, in any event, it did not collect or monitor any of Veksler’s data or activity. The District Court ruled for Wipro, concluding that Veksler did not adduce sufficient evidence from which a jury could conclude that Wipro intended for its software to be installed on Veksler’s device.

II. Standard of Review “We review de novo a district court’s decision to grant summary judgment, construing the evidence in the light most favorable to the party against whom summary judgment was granted and drawing all reasonable inferences in that party’s favor.” Roth v. Armistice Cap., LLC, 151 F.4th 21, 25–26 (2d Cir. 2025). Summary judgment

is appropriate where “there is no genuine dispute as to any material fact and the movant is entitled to judgment as a matter of law.” Fed. R. Civ. P. 56(a).

III. Discussion Plaintiffs bringing claims under the ECPA, SCA, and CFAA must establish that the defendant acted intentionally. See 18 U.S.C. § 2511(1)(a) (ECPA makes it unlawful to “intentionally intercept[], endeavor[] to intercept, or procure[] any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication”); id. § 2701(a) (SCA makes it unlawful to “(1) intentionally access[] without authorization a facility through which an electronic communication service is provided; or (2) intentionally exceed[] an authorization to access that facility[,] and thereby obtain[], alter[], or prevent[] authorized access to a wire or electronic communication while it is in electronic storage in such system”); id. § 1030(a)(5)(A)–(C) (CFAA prohibits 1) “knowingly caus[ing] the transmission of a program, information, code, or command, and as a result of such conduct, intentionally caus[ing] damage without authorization, to a protected computer;” 2) “intentionally access[ing] a protected computer without authorization, and as a result of such conduct, recklessly caus[ing] damage;” or 3) “intentionally access[ing] a protected computer without authorization, and as a result of such conduct, caus[ing] damage and loss”).

Here—as both parties agree—that means Veksler’s burden is to establish that Wipro acted with the “conscious objective” of accessing her computer. See United States

v. Townsend, 987 F.2d 927, 930 (2d Cir. 1993) (holding that, to find an ECPA violation, the “defendant’s act must have been the product of defendant’s conscious objective rather than the product of a mistake or an accident”). 2 Thus, Veksler must show that at some point in time, Wipro intended for its software to be installed on her laptop. Nothing in the record supports even that threshold conclusion.

Contrary to Veksler’s theory that the software was pushed to her device when she first created a Wipro email account, the only forensic analysis conducted of the device found that the software was not installed until October 2021—several months after she created her Wipro account. See App’x at 209–10. Veksler relies on language from an email chain among Wipro employees stating “this person is locked out of her computer and we’re responsible” as evidence Wipro intended to install the software on her device.

See App’x at 69. But no reasonable factfinder could conclude, based on this isolated line, that Wipro was aware its software had been installed on Veksler’s laptop before Veksler contacted Wipro in February 2022, let alone that Wipro intended that outcome. See App’x at 58–74.

Veksler urges that, even if Wipro did not intentionally install its software on her computer, once the software was there, Wipro knowingly used it to intercept her communications and access her data. But the record does not support that conclusion

As the District Court pointed out, courts have interpreted the intentionality requirement in the SCA and the CFAA to have the same meaning as it does in the ECPA. See Spec. App’x at 5–6 (citing Butera & Andrews v. Int'l Bus. Machs. Corp., 456 F. Supp. 2d 104, 110 (D.D.C. 2006)). either. Even if there is a triable issue as to whether JAMF or CrowdStrike could have been used to access Veksler’s data, monitor her communications, or intercept her communications in the way she alleges, nothing in the record suggests that Wipro actually used its software to do so in this case. And Veksler adduces no evidence that it was ever Wipro’s conscious objective to use the software on Veksler’s device to do so. To be clear, the Clifton Report does not create a triable issue as to Wipro’s intent.

As an initial matter, “summary judgment is not per se precluded because there are conflicting experts.” Dalberth v. Xerox Corp., 766 F.3d 172, 189 (2d Cir. 2014) (quoting In re Omnicom Grp., Inc. Sec. Litig., 597 F.3d 501, 512 (2d Cir. 2010)). Indeed, “an expert’s report is not a talisman against summary judgment.” Id. (quoting Raskin v. Wyatt Co., 125 F.3d 55, 66 (2d Cir. 1997)). Many of the conclusions reached by the Clifton Report are “speculative or conclusory.” Garcia v. Hartford Police Dep’t, 706 F.3d 120, 128 (2d Cir. 2013). More importantly, the dispositive issue of Wipro’s intent is beyond the Report’s scope. Accordingly, “we conclude that the report does not add any facts to the record that create a genuine dispute as to any material fact.” Id. IV. Conclusion We have considered Veksler’s remaining arguments and find them to be without merit. Accordingly, we AFFIRM the judgment of the District Court.

FOR THE COURT: Catherine O’Hagan Wolfe, Clerk of Court