Veksler v. Wipro, LLC

U.S. Court of Appeals for the Second Circuit December 19, 2025

Opinion

25-369 Veksler v. Wipro, LLC

UNITED STATES COURT OF APPEALS FOR THE SECOND CIRCUIT

SUMMARY ORDER

RULINGS BY SUMMARY ORDER DO NOT HAVE PRECEDENTIAL EFFECT. CITATION TO A SUMMARY ORDER FILED ON OR AFTER JANUARY 1, 2007, IS PERMITTED AND IS GOVERNED BY FEDERAL RULE OF APPELLATE PROCEDURE 32.1 AND THIS COURT’S LOCAL RULE 32.1.1. WHEN CITING A SUMMARY ORDER IN A DOCUMENT FILED WITH THIS COURT, A PARTY MUST CITE EITHER THE FEDERAL APPENDIX OR AN ELECTRONIC DATABASE (WITH THE NOTATION “SUMMARY ORDER”). A PARTY CITING A SUMMARY ORDER MUST SERVE A COPY OF IT ON ANY PARTY NOT REPRESENTED BY COUNSEL.

At a stated term of the United States Court of Appeals for the Second Circuit, held at the Thurgood Marshall United States Courthouse, 40 Foley Square, in the City of New York, on the 19th day of December, two thousand twenty-five.

PRESENT: ROBERT D. SACK, MYRNA PÉREZ, Circuit Judges, VINCENT L. BRICCETTI, District Judge. * ________________________________________

ELVIRA VEKSLER,

Plaintiff-Appellant,

v. No. 25-369 WIPRO, LLC,

Defendant-Appellee. ________________________________________

* Judge Vincent L. Briccetti, of the United States District Court for the Southern District of New York, sitting by designation.

1 FOR PLAINTIFF-APPELLANT: KENNETH F. MCCALLION, McCallion & Associates, LLP, New York, NY.

FOR DEFENDANT-APPELLEE: JUNG H. PARK, (Ryanne A. Hankla, Andrew L. Margulis, on the brief), Ropers Majeski PC, New York, NY.

Appeal from a judgment of the United States District Court for the Southern

District of New York (Oetken, J.).

UPON DUE CONSIDERATION, IT IS HEREBY ORDERED, ADJUDGED,

AND DECREED that the judgment of the District Court is AFFIRMED.

Elvira Veksler sued Wipro, LLC under the Electronic Communications Privacy Act

(“ECPA”),

18 U.S.C. § 2511

(1)(a), the Stored Communications Act (“SCA”),

18 U.S.C. § 2701

(a), and the Computer Fraud and Abuse Act (“CFAA”),

18 U.S.C. § 1030

(a)(5)(A)–

(C). 1 After discovery, the District Court granted Wipro’s motion for summary judgment

in its entirety, and this appeal followed. We assume the parties’ familiarity with the

underlying facts, the procedural history, and the issues on appeal, which we reference

only as necessary to explain our decision to affirm.

I. Background

Between July and November of 2021, Veksler worked as a freelance content writer

for Wipro using her own personal computer. To facilitate her work, Wipro gave Veksler

1 Veksler also brought state-law claims that the District Court dismissed without prejudice. We affirm that dismissal as well.

2 a Wipro email ID to access its web-based email service. On February 10, 2022, several

months after Veksler finished her work for Wipro, she emailed a Wipro employee,

notifying Wipro that she was not able to access her laptop and requesting Wipro’s

assistance. After some investigation, Wipro determined that its “security management

tool,” JAMF, had been installed on Veksler’s computer. App’x at 402. In addition to

JAMF, Veksler claims that another software—CrowdStrike Falcon Sensor

(“CrowdStrike”)—was installed on her device. On February 16, Wipro successfully

removed JAMF from Veksler’s computer.

Veksler claims that Wipro intentionally installed JAMF and CrowdStrike on her

computer without her knowledge or consent in order to access and monitor her data,

communications, and other activity. Wipro responds that it did not intend to access

Veksler’s computer and, in any event, it did not collect or monitor any of Veksler’s data

or activity. The District Court ruled for Wipro, concluding that Veksler did not adduce

sufficient evidence from which a jury could conclude that Wipro intended for its software

to be installed on Veksler’s device.

II. Standard of Review

“We review de novo a district court’s decision to grant summary

judgment, construing the evidence in the light most favorable to the party against whom

summary judgment was granted and drawing all reasonable inferences in that party’s

favor.” Roth v. Armistice Cap., LLC,

151 F.4th 21

, 25–26 (2d Cir. 2025). Summary judgment

3 is appropriate where “there is no genuine dispute as to any material fact and the movant

is entitled to judgment as a matter of law.” Fed. R. Civ. P. 56(a).

III. Discussion

Plaintiffs bringing claims under the ECPA, SCA, and CFAA must establish that

the defendant acted intentionally. See

18 U.S.C. § 2511

(1)(a) (ECPA makes it unlawful to

“intentionally intercept[], endeavor[] to intercept, or procure[] any other person to

intercept or endeavor to intercept, any wire, oral, or electronic communication”);

id.

§ 2701(a) (SCA makes it unlawful to “(1) intentionally access[] without authorization a

facility through which an electronic communication service is provided; or (2)

intentionally exceed[] an authorization to access that facility[,] and thereby obtain[],

alter[], or prevent[] authorized access to a wire or electronic communication while it is in

electronic storage in such system”); id. § 1030(a)(5)(A)–(C) (CFAA prohibits 1)

“knowingly caus[ing] the transmission of a program, information, code, or command,

and as a result of such conduct, intentionally caus[ing] damage without authorization, to

a protected computer;” 2) “intentionally access[ing] a protected computer without

authorization, and as a result of such conduct, recklessly caus[ing] damage;” or 3)

“intentionally access[ing] a protected computer without authorization, and as a result of

such conduct, caus[ing] damage and loss”).

Here—as both parties agree—that means Veksler’s burden is to establish that

Wipro acted with the “conscious objective” of accessing her computer. See United States

4 v. Townsend,

987 F.2d 927, 930

(2d Cir. 1993) (holding that, to find an ECPA violation, the

“defendant’s act must have been the product of defendant’s conscious objective rather

than the product of a mistake or an accident”). 2 Thus, Veksler must show that at some

point in time, Wipro intended for its software to be installed on her laptop. Nothing in

the record supports even that threshold conclusion.

Contrary to Veksler’s theory that the software was pushed to her device when she

first created a Wipro email account, the only forensic analysis conducted of the device

found that the software was not installed until October 2021—several months after she

created her Wipro account. See App’x at 209–10. Veksler relies on language from an

email chain among Wipro employees stating “this person is locked out of her computer

and we’re responsible” as evidence Wipro intended to install the software on her device.

See App’x at 69. But no reasonable factfinder could conclude, based on this isolated line,

that Wipro was aware its software had been installed on Veksler’s laptop before Veksler

contacted Wipro in February 2022, let alone that Wipro intended that outcome. See App’x

at 58–74.

Veksler urges that, even if Wipro did not intentionally install its software on her

computer, once the software was there, Wipro knowingly used it to intercept her

communications and access her data. But the record does not support that conclusion

2 As the District Court pointed out, courts have interpreted the intentionality requirement in the SCA and the CFAA to have the same meaning as it does in the ECPA. See Spec. App’x at 5–6 (citing Butera & Andrews v. Int'l Bus. Machs. Corp.,

456 F. Supp. 2d 104, 110

(D.D.C. 2006)).

5 either. Even if there is a triable issue as to whether JAMF or CrowdStrike could have

been used to access Veksler’s data, monitor her communications, or intercept her

communications in the way she alleges, nothing in the record suggests that Wipro

actually used its software to do so in this case. And Veksler adduces no evidence that it

was ever Wipro’s conscious objective to use the software on Veksler’s device to do so.

To be clear, the Clifton Report does not create a triable issue as to Wipro’s intent.

As an initial matter, “summary judgment is not per se precluded because there are

conflicting experts.” Dalberth v. Xerox Corp.,

766 F.3d 172, 189

(2d Cir. 2014) (quoting In

re Omnicom Grp., Inc. Sec. Litig.,

597 F.3d 501, 512

(2d Cir. 2010)). Indeed, “an expert’s

report is not a talisman against summary judgment.”

Id.

(quoting Raskin v. Wyatt Co.,

125 F.3d 55, 66

(2d Cir. 1997)). Many of the conclusions reached by the Clifton Report are

“speculative or conclusory.” Garcia v. Hartford Police Dep’t,

706 F.3d 120, 128

(2d Cir.

2013). More importantly, the dispositive issue of Wipro’s intent is beyond the Report’s

scope. Accordingly, “we conclude that the report does not add any facts to the record

that create a genuine dispute as to any material fact.”

Id.

IV. Conclusion

We have considered Veksler’s remaining arguments and find them to be without

merit. Accordingly, we AFFIRM the judgment of the District Court.

FOR THE COURT: Catherine O’Hagan Wolfe, Clerk of Court

Reference

Status: Unpublished