Please E-mail suggested additions, comments and/or corrections to Kent@MoreLaw.Com.
Date: 04-01-2018
Case Style: City and County of San Francisco v. Homeaway.Com, LLC
Case Number: A150385
Judge: Ruvolo, P.J.
Court: California Court of Appeals Fourth Appellate District on appeal from the Superior Court, Riverside County
Plaintiff's Attorney: James Moxon Emery
Defendant's Attorney: Rochelle Lyn Wilcox, Helgi C. Walker, Jeana Bisnar Maute and Joshua David Dick
Description: A. HomeAway’s Business
In the trial court, HomeAway offered evidence about its business and storage of
electronic records by filing the declaration of Steve Davis, HomeAway’s chief digital and
cloud officer. Davis described HomeAway as an “online forum that allows property
owners to list their properties for short-term rentals and connect with individuals who are
looking to rent a house or apartment when visiting a city, rather than stay in a hotel.”
Davis explained that HomeAway is not a party to home rental transactions; it operates
Web sites that owners and travelers use to locate each other and arrange their own
bookings and rentals.
Listing a property on a HomeAway Web site involves the following steps. First,
the owner must register for an account, which requires him or her to complete forms “that
ask for personal information, such as name, address, telephone number, and credit card
information.” Then the owner uses his or her account to post a listing, which provides
pertinent information about the property, including the rental rate and other details.
HomeAway processes the owner’s “data,” and stores it so that it can be used in
connection with future listings and other services that HomeAway offers.
HomeAway offers two alternative services to owners and travelers to assist them
with making “arrangements to book and rent properties” listed with HomeAway. First,
they can send messages to each other “through HomeAway’s website (a service called
HomeAway Secured Communication).” All arrangements can be made via this service,
or the parties may elect to complete their transactions by “exchanging telephone numbers
or personal email addresses.” Both owners and travelers (who also create online
accounts) “may” retain their messages, which are then stored by HomeAway.
3
Alternatively, rental arrangements can be made using HomeAway’s online
reservation service. Online booking data does not necessarily correlate with completed
transactions because reservation may be cancelled offline. Furthermore, HomeAway’s
data about these transactions may not be comprehensive because it uses a third-party
Internet service to process online payments.
Davis estimated that, in the past five years, more than 10,000 San Francisco
properties have been listed on a HomeAway Web site. According to Davis, the “vast
majority” of bookings and rentals involving San Francisco properties have been arranged
by direct communications between owners and travelers, and the only “data” HomeAway
has about these transactions are the communications themselves, which “may show that
users reached agreements for bookings and rentals.” Davis also estimated that “there are
hundreds of thousands of messages concerning San Francisco listings in the last four and
one-half years,” and he opined that searching through these messages for specific data
would be “enormously burdensome.”
Finally, Davis emphasized that owners who list their properties with HomeAway
“agree that ‘they are responsible for and agree to abide by all laws, rules, ordinances, or
regulations applicable to their listings and rental of their properties, including . . .
requirements relating to taxes.’ ” As proof of this agreement, Davis attached a copy of a
set of “Terms and Conditions” that HomeAway posts on its Web site (the HomeAway
Terms) as an exhibit to his declaration.
The HomeAway Terms state, among other things, that the use of any HomeAway
Web-based service constitutes acceptance of the HomeAway Terms, as well as
HomeAway’s “Privacy Policy,” both of which are available on HomeAway Web sites.
By accepting these terms, users acknowledge, among other things, that they have a
“Limited License” to access HomeAway Web sites, services and content; and that
HomeAway has proprietary rights in its Web sites and “all” Web site content. Users also
acknowledge that HomeAway has a right to use e-mail addresses, names, and “other
information” provided by registered users. In this regard, the HomeAway Terms states:
“Your use of the Site signifies your acknowledgement of, and agreement with, our
4
Privacy Policy [Web site address]. We adhere to strong principles of privacy. You agree
that we may access and use your user-contributed content in accordance with these Terms
or our Privacy Policy [Web site address] and we agree that we will only disclose your
user-contributed content in accordance with these Terms and our Privacy Policy [Web
site address].”
Pertinent provisions of the HomeAway Privacy Policy state that: (1) HomeAway
may use customers’ personal information for purposes such as data mining; (2) thirdparty
data processors may have access to personal information stored on HomeAway
Web sites; and (3) HomeAway may disclose users’ personal information to a
governmental entity pursuant to a subpoena or other legal request.2
B. The City’s Subpoena
On April 5, 2016, the City’s tax collector served a subpoena on HomeAway (the
2016 subpoena). The 2016 subpoena was issued pursuant to article 6, section 6.4-1,
subdivision (c) of the San Francisco Business and Tax Regulations Code (the B&TR
Code), which states that the tax collector “may order any person or persons, whether
taxpayers, alleged taxpayers, witnesses, or custodians of records, to produce all books,
papers, and records which the Tax Collector believes may have relevance to enforcing
compliance with the provisions of the [B&TR] Code for inspection, examination, and
copying at the Tax Collector’s Office during normal business hours.”
2 The City has filed a request for judicial notice of the HomeAway Privacy Policy.
HomeAway objects to this request to the extent that the City “seeks to use the substance
of the privacy policy to establish facts or support arguments.” HomeAway argues that a
court may take judicial notice only of the existence of a Web site, not of any Web site
content. We disagree with this broad statement.
Both parties rely on Searles Valley Minerals Operations, Inc. v. State Bd. of
Equalization (2008) 160 Cal.App.4th 514, 519, which stands for the proposition that the
truth of the factual content of a Web site is not the proper subject of judicial notice. Here
we may take judicial notice of HomeAway’s privacy policy not for its substantive truth
but because the fact that this policy exists is evidence that HomeAway subscribers and
customers were on notice of certain company policies when they shared personal
information with HomeAway. Accordingly, we grant the request for judicial notice.
5
The 2016 subpoena ordered HomeAway to produce “all data, documents, records,
and other material described in Exhibit A attached hereto.” Exhibit A requested that
HomeAway provide two categories of information.
The City’s first request was for “data identifying all hosts who have offered
accommodations located in the [City] through [HomeAway] or any affiliated websites
between January 1, 2012 and the date of HomeAway’s response to this subpoena.” For
each host, the City requested data showing the location(s) of the accommodations; the
host’s contact information; and all “identifying information” that HomeAway had created
or retained about the host.
The City’s second request was for “data identifying all bookings for rental
transactions of which you are aware that involved accommodations located in the [City]
during the period between January 1, 2012 and the date of HomeAway’s response to this
subpoena.” The City requested data as to all bookings that were made through a service
offered by HomeAway or an affiliate, whether or not the rental transaction ultimately
took place. For each booking, the City requested data showing the location(s) of the
accommodations; the host’s contact information; and all identifying information that
HomeAway created or obtained regarding the host and the booking.
In outlining these requests for what we will refer to as (1) host data and (2)
booking data, the City offered extensive examples of the types of information it was
seeking, which typically included very specific identifying information, such as names,
street addresses, telephone numbers, e-mail addresses, host codes, dates of birth, and
driver’s license numbers.
C. The City’s Petition
On June 21, 2016, the City filed a petition to enforce compliance with the 2016
subpoena, which was supported by the following material allegations:
First, HomeAway is registered to do business in California and has being doing
business in the City for several years by providing “internet-based platforms on which
San Francisco property owners, renters and/or managers or their agents (collectively,
6
‘Owners’) advertise residential properties to potential renters, usually tourists, seeking
temporary lodging in San Francisco.”
Second, the B&TR Code requires (1) owners who rent out property to obtain a
business registration certificate from the treasurer (B&TR Code, art. 12, § 853), and
(2) renters of short-term rental properties in the City must pay a transient occupancy tax
(TOT) (B&TR Code, art. 7, §§ 501–515.2). Unless the rental transaction is arranged
through a qualified Web site company, the owner is required to collect the TOT at the
time rent is paid for the short-term accommodation, and to file monthly or quarterly
returns remitting the TOT to the tax collector. (B&TR Code, art. 6, § 6.9-2 & art. 7,
§ 504.)
Third, the B&TR Code imposes a duty on the tax collector to collect taxes
imposed by the code (B&TR Code, art. 6, § 6.3-1), and authorizes the tax collector to
investigate possible noncompliance with the code, and to “issue and serve subpoenas” in
order to carry out the tax provisions of the code (B&TR Code, art. 6, § 6.4-1).
Fourth, pursuant to its authority under the B&TR Code, the tax collector made
several attempts to secure information from HomeAway that would enable the City to
identify (1) owners who listed properties for rent on HomeAway’s Web sites, and
(2) resulting rental transactions. Initially, the tax collector made an informal request for
this information, which HomeAway denied. In October 2015, the tax collector issued
and served a subpoena demanding that HomeAway produce these two categories of
information. HomeAway objected to the subpoena and refused to comply voluntarily
with it. In April 2016, the tax collector issued and served an updated subpoena (i.e., the
2016 subpoena), demanding the production of the same two categories of information. In
a letter to HomeAway’s counsel, the City responded to HomeAway’s objections to the
2015 subpoena, and offered to work with HomeAway to limit the scope of the subpoena
7
to address concerns that some language was vague and/or overbroad.3 Again,
HomeAway objected and refused to comply.
Finally, the City alleged that the tax collector had good cause to obtain the
information sought from HomeAway as evidenced by a recent policy analysis report on
short-term rentals in San Francisco, which showed that most owners were not in
compliance with B&TR Code requirements applicable to their rental transactions.4
Accordingly, the City requested that the superior court exercise its authority to order
HomeAway to comply with the 2016 subpoena.
In August 2016, HomeAway filed its opposition to the City’s petition, arguing that
the 2016 subpoena was invalid for the following reasons: (1) the City was using the
subpoena to collect an invalid tax; (2) the subpoena was overbroad and burdensome;
(3) enforcing the subpoena would impinge on the First Amendment rights of HomeAway
customers; and (4) the subpoena violated provisions of the SCA that restrict a
government entity’s ability to compel disclosure of electronic data stored with an Internet
service provider.
At an August 25, 2016 hearing on the petition, the parties focused almost
exclusively on questions of whether the SCA applied, and if so, whether the City had
complied with the statutory requirements for compelling disclosure of HomeAway’s
customer records. At the conclusion of the hearing, the court invited the parties to submit
additional authority regarding the SCA, and continued the matter. On September 20,
2016, the court granted the City’s petition, but stayed its ruling so HomeAway could seek
appellate review.
3 The City attached copies of its correspondence with HomeAway’s counsel to the
petition. In an April 2016 letter, the City stated: “San Francisco is not seeking at this
time to have HomeAway produce host credit card or banking information, passwords,
login information, posts made in discussion forums, or property photographs.”
4 This report was attached as an exhibit to the City’s petition. Additional pertinent
evidence regarding the short-term rental business in San Francisco was filed in the lower
court as part of a declaration from an employee of the City’s budget and legislative
analyst’s office.
8
The court formalized its rulings in an order that was signed on September 28 and
filed on October 4, 2016 (the October 2016 order), which states in part: “There is
insufficient support in the record to establish that HomeAway is either an Electronic
Communications Service or a Remote Computing Service within the mean of the [SCA].
There is insufficient evidence to show that the subpoena was burdensome or overbroad.
The subpoena does not violate First Amendment rights. The Court does not need to reach
the issue of the City’s authority under the hotel tax. The subpoena is sufficiently related
to the tax ordinances to permit the subpoena to be enforced.”
III. DISCUSSION
A. The SCA
HomeAway’s first argument is that the order enforcing the 2016 subpoena must be
reversed because the City failed to comply with the requirements of the SCA.
1. Statutory Framework
“The Electronic Communications Privacy Act of 1986 (‘ECPA’), Pub. L. 99-508
(1986) addresses various areas of electronic surveillance including wiretaps, tracking
devices, stored wire and electronic communications, pen registers, and trap and trace
devices. [Citation.]” (United States v. Anderson (D. Nev., Apr. 27, 2016, Case No. 2:15-
cr-0020-KJD-PAL) 2016 U.S. Dist. LEXIS 103387, at *23–24.) The SCA, which is
contained in Title II of the ECPA, “governs access to stored electronic communications.”
(Ibid.)
“Congress passed the SCA . . . to fill a gap in the protections afforded by the
Fourth Amendment.” (Juror Number One v. Superior Court (2012) 206 Cal.App.4th
854, 860 (Juror Number One).) “The Fourth Amendment provides no protection for
information voluntarily disclosed to a third party, such as an Internet service provider
(ISP). [Citations.] [¶] To remedy this situation, the SCA creates a set of Fourth
Amendment-like protections that limit both the government’s ability to compel ISP’s to
disclose customer information and the ISP’s ability to voluntarily disclose it.” (Id. at
p. 860, citing Kerr, A User’s Guide to the Stored Communications Act—And a
9
Legislator’s Guide to Amending It (2004) 72 Geo. Wash. L.Rev. 1208, 1212–1213 (Kerr
User’s Guide).)5
“ ‘The [SCA] reflects Congress’s judgment that users have a legitimate interest in
the confidentiality of communications in electronic storage at a communications facility.
Just as trespass protects those who rent space from a commercial storage facility to hold
sensitive documents, [citation], the [SCA] protects users whose electronic
communications are in electronic storage with an ISP or other electronic communications
facility.’ [Citation.]” (Juror Number One, supra, 206 Cal.App.4th at p. 860.)
Importantly, the SCA “is not a catch-all statute designed to protect the privacy of stored
Internet communications; instead it is narrowly tailored to provide a set of Fourth
Amendment-like protections for computer networks.” (Kerr User’s Guide, supra, at
p. 1214.)
These protections, contained in sections 2702 and 2703, provide network account
holders with “statutory privacy rights against access to stored account information held
by network service providers.” (Kerr User’s Guide, supra, at p. 1212.) Section 2702,
which is not directly at issue, limits the ability of a network service provider or ISP
voluntarily to disclose information about its customers or subscribers to the government.
In this case, we focus on section 2703, which “creates limits on the government’s ability
to compel providers to disclose information in their possession about their customers and
subscribers.” (Kerr User’s Guide, supra, at p. 1212, fn. omitted.)
Specifically, section 2703 regulates government access to (1) the content of a wire
or electronic communication that is processed or stored on an electronic communication
service (ECS) or a remote computing service (RCS), and (2) an electronic record or other
information about a subscriber or customer of an ECS or RCS. Section 2703 contains
different sets of procedures for compelling disclosure of these two categories of evidence,
5 Like the court in Juror Number One, supra, 206 Cal.App.4th at page 860, the
parties in this case use the Kerr User’s Guide to frame their discussion of SCA.
10
each of which affords different levels of privacy protection. (In re Search Warrant for
[Redacted]@yahoo.com (C.D. Cal. 2017) 248 F.Supp.3d 970, 974–975.)
Consistent with other provisions of the SCA, section 2703 affords a higher level of
privacy protection to stored electronic communications than to customer records.6
Several factors dictate what procedure(s) the government entity may use to compel
disclosure of an electronic communication, including whether the record is stored on an
ECS or an RCS, the amount of time that the record has been in storage, and the purpose
for which the record was stored. Electronic communications that enjoy the highest level
of protection afforded by the SCA cannot be obtained by a government entity without a
warrant. (§ 2703(a).) For other types of electronic communications covered by
section 2703, the government can compel disclosure if it either (1) obtains a warrant, or
(2) gives prior notice to the subscriber or customer who generated the communication
and then obtains either an administrative subpoena authorized by state or federal statute, a
grand jury subpoena, a trial subpoena, or a court order. (§ 2703(a) & (b)).
Section 2703 procedures for obtaining customer records covered by the SCA
afford two distinct layers of protection to the customer or subscriber. First, a government
entity may compel disclosure of records that identify the customer and provide details
about the customer’s use of the provider’s service by issuing an administrative subpoena
authorized by a federal or state statute. (§ 2703(c)(1)(E) & (c)(2).) Second, to compel
disclosure of other customer records pertaining to a subscriber or customer of an ECS or
RCS (not including content of communications) the government entity must obtain one of
the following: (1) a warrant from a court of competent jurisdiction; (2) a court order
based upon a showing that the information is pertinent to an ongoing criminal
investigation; (3) consent of the customer or subscriber; or (4) authorization pursuant to a
6 According to Kerr, this aspect of the SCA is “intuitive” in that the “actual
contents of messages naturally implicate greater privacy concerns than information
(much of it network-generated) about those communications.” (Kerr User’s Guide,
supra, at p. 1228.)
11
written request to a law enforcement agency investigating telemarketing fraud.
(§ 2703(c)(1)(A)–(D).)
2. Issues Presented
HomeAway argues the 2016 subpoena violates the SCA because: (1) HomeAway
is “covered” by the SCA as an ECS provider, (2) HomeAway is “covered” by the SCA as
a RCS provider, (3) the City attempts to compel disclosure of electronic communications
without securing a warrant or providing prior notice to HomeAway subscribers; and
(4) the 2016 subpoena was not issued pursuant to a state or federal statute.
“Whether an entity is acting as an RCS or an ECS (or neither) is context
dependent, and depends, in part, on the information disclosed. [Citations.]” (Low
v. LinkedIn Corp. (N.D. Cal. 2012) 900 F.Supp.2d 1010, 1023.) “[T]he key is the
provider’s role with respect to a particular copy of a particular communication, rather
than the provider’s status in the abstract. A provider can act as an RCS with respect to
some communications, an ECS with respect to other communications, and neither an
RCS nor an ECS with respect to other communications.” (Kerr User’s Guide, supra, at
pp. 1215–1216, fns. omitted.)
Therefore, the enforceability of the 2016 subpoena does not depend on whether
HomeAway is somehow “covered” by the SCA. Even if we assume that HomeAway’s
platform qualifies as an ECS and/or a RCS, HomeAway cannot establish a violation
under the SCA without demonstrating that the City failed to use an authorized procedure
for compelling HomeAway to disclose the evidence sought by the 2016 subpoena. As
discussed below, the 2016 subpoena does not require HomeAway to disclose electronic
communications. Furthermore, the procedure the City used to compel disclosure of
HomeAway’s customer records was authorized by the SCA.
3. The City Is Not Requesting Electronic Communications
Throughout appellant’s opening brief, HomeAway argues that most of the records
responsive to the 2016 subpoena are electronic communications generated by
HomeAway subscribers. The record does not support this argument. The two requests
incorporated into the 2016 subpoena are broad in scope, but seek very specific
12
information about hosts who use HomeAway to offer to rent property located in
San Francisco, and about bookings of rental property located in San Francisco.
Importantly, the 2016 subpoena does not expressly or implicitly command HomeAway to
produce any electronic communication generated by a HomeAway user. Furthermore,
when the City served the 2016 subpoena it advised HomeAway’s counsel that it was not
seeking the production of users’ login information, or “posts made in discussion forums.”
And, in the lower court the City repeatedly stated that it was not seeking to compel
HomeAway to disclose the content of electronic communications.
In appellant’s reply brief, HomeAway contends that the 2016 subpoena
necessarily demands disclosure of electronic communications because “it seeks
information that often would be shared through personal communications.” We disagree
with this conclusion. If HomeAway has collected information about its users that is
covered by the subpoena, it cannot withhold that information from the City simply
because that information might also be included in the content of a user’s electronic
communication. By the same token, to the extent HomeAway has exercised some right
to mine the electronic communications stored on its system, the information it has
extracted for its own business uses would not meet the definition of an electronic
communication stored on an ISP service.
At oral argument before this court, counsel for the City reiterated that the 2016
subpoena does not compel disclosure of electronic communications, and HomeAway’s
appellate counsel accepted this representation, which she characterized as a concession.
Accordingly, we now confirm and adopt the parties’ stipulation that the 2016 subpoena
does not compel the disclosure of any electronic communication generated by a customer
or subscriber of a HomeAway service. In light of this stipulation, the pertinent issue
under the SCA is whether the City followed an authorized procedure for compelling the
disclosure of a service provider’s customer records.
4. SCA Requirements Pertaining to Customer Records
As noted in our overview of the SCA, section 2703 contains different sets of
procedures for compelling disclosure of two categories of records pertaining to a
13
customer of an ECS and/or a RCS. First, the government entity may use an
administrative subpoena authorized by a federal or state statute to compel disclosure of
certain types of customer records that are listed in section 2703(c)(2), which pertain to
the identity of the subscriber and the services he or she has utilized. Second, for all other
customer records the government may not use an administrative subpoena to compel
disclosure, but must instead use one of several alternative procedures outlined in section
2703(c)(1).
HomeAway contends that most of the information demanded by the 2016
subpoena “goes far beyond” the basic customer identification data covered by section
2703(c)(2). We do not accept this contention for two related reasons.
First, section 2703(c)(2) is broader than HomeAway assumes. It authorizes the
use of an administrative subpoena to compel the disclosure of the following records
pertaining to the subscriber or customer: name; address; telephone connection records,
records of session times and durations; length of service and types of services utilized;
subscriber identification numbers, including telephone numbers or temporarily assigned
network addresses; means and sources of payment, including credit card information and
bank account numbers. (§ 2703(c)(2)(A)–(F).)
Second, the 2016 subpoena is construed reasonably as requesting the types of
customer identification evidence and customer transaction records that are delineated in
section 2703(c)(2). The request for host data seeks specific identifying information about
HomeAway customers who used its service during a given period to offer an
accommodation in San Francisco. The request for booking data also seeks specific
information about specific customers’ use of HomeAway’s services to book rentals—
names, dates, addresses, and payment information. Though potentially voluminous, the
information that the City seeks is very specific data identifying HomeAway’s customers,
specifying what services those customers used and when, and identifying the source and
method of payments made to HomeAway for those services.
The fact that the 2016 subpoena contains some language that could be construed
as applying to some other type of customer record that HomeAway retains on its systems
14
does not mean the 2016 subpoena is unenforceable. Undisputed evidence demonstrates
that the City was consistently willing to meet and confer with HomeAway to resolve
concerns that the language of this subpoena was vague and or overbroad. HomeAway’s
supposition that some unspecified records fall outside the scope of section 2703(c)(2)
may turn out to be a ground for withholding that evidence, but does not support
HomeAway’s claim that the entire subpoena is unenforceable under the SCA.
HomeAway contends that the 2016 subpoena is invalid even if limited to the
categories of information listed in section 2703(c)(2) because it was issued pursuant to a
local law as opposed to a state or federal statute. We disagree with this argument.
The SCA does not state that an administrative subpoena must be issued “pursuant”
to a state or federal statute, as HomeAway contends. Rather, the administrative subpoena
must be “authorized” by a state or federal statute. (§ 2703(c)(2)(F); see also
§ 2703(b)(1)(B)(i).)
Article X, section 7 of the California Constitution states: “A county or city may
make and enforce within its limits all local, police, sanitary, and other ordinances and
regulations not in conflict with general laws.” This state statute authorizes cities to levy
taxes for city purposes. (Willingham Bus Lines, Inc. v. Municipal Court for San Diego
Judicial Dist. (1967) 66 Cal.2d 893, 896 [“ ‘Whether or not state law has occupied the
field of regulation, cities may tax businesses carried on within their boundaries and
enforce such taxes by requiring business licenses for revenue and by criminal penalties.’
[Citations.]”; City of San Bernardino Hotel/Motel Assn. v. City of San Bernardino (1997)
59 Cal.App.4th 237, 242-243; People ex rel. Flournoy v. Yellow Cab Co. (1973)
31 Cal.App.3d 41, 46.) Thus, the 2016 subpoena, which was issued pursuant to the
City’s B&TR Code, was an exercise of the City’s power to tax as authorized by a state
statute, i.e., the California Constitution.
For all these reasons, we conclude that HomeAway has failed to demonstrate that
the October 2016 order enforcing the 2016 subpoena violates the privacy protections that
the SCA affords to HomeAway customers.
15
B. HomeAway’s Constitutional Claims
In a separate set of arguments, HomeAway contends that the order enforcing the
2016 subpoena violates the constitutional rights of HomeAway customers who exchange
private communications on HomeAway’s housing Web sites.
Preliminarily, HomeAway fails to demonstrate that it has standing to assert these
claims. HomeAway posits, without analysis, that it may invoke constitutional “defenses”
that could otherwise be asserted by its customers or subscribers, citing NAACP v. State of
Alabama (1958) 357 U.S. 449, 459.) In that case, the Supreme Court held that the
NAACP was the appropriate party to assert the free association rights of its members by
refusing to produce the group’s “rank-and-file” membership lists. (Ibid.) The Court
reasoned that the NAACP and its members were “in every practical sense identical” in
that the association was the medium through which its individual members sought to
exercise their own First Amendment rights to express their political views and advance
their beliefs and ideas. (Id. at pp. 459–460.)
In this case, by contrast, HomeAway has not demonstrated that it is an appropriate
party to assert the constitutional rights of its subscribers. HomeAway is an Internet
business as opposed to a political association, and its commercial relationship with
owners and travelers who pay to use its services is not comparable to the NAACP’s
relationship with its members. Further, even if HomeAway does have standing, its
substantive claims lack merit.
HomeAway first contends that the Fourth Amendment bars the City from getting
the information it seeks without first obtaining a warrant. We disagree. The Fourth
Amendment does not protect information voluntarily disclosed to a third party, which is
why the SCA created a set of Fourth-Amendment-like protections for customer
information stored on ISPs. (Juror Number One, supra, 206 Cal.App.4th at p. 860.) As
discussed above, the City has not violated those statutory protections by using its
authority under state law to compel HomeAway to disclose customer identification
records.
16
Insisting that Fourth Amendment protections extend to “online communications
and content” generated by HomeAway customers, HomeAway cites United States
v. Warshak (6th Cir. 2010) 631 F.3d 266 (Warshak). In Warshak, the appellant appealed
his fraud convictions on the ground that the government violated his Fourth Amendment
rights by compelling his Internet service providers to disclose thousands of his private
emails. (Id. at pp. 281–282.) In finding a Fourth Amendment violation, the Warshak
court emphasized the “fundamental similarities between email and traditional forms of
communication” and it reasoned that a “commercial ISP” is the “functional equivalent of
a post office or a telephone company” because it is the “intermediary that makes email
communication possible.” (Id. at pp. 285–286.) Warshak is not relevant here because the
2016 subpoena does not compel HomeAway to disclose private e-mails or any electronic
communication generated by a HomeAway subscriber.
In a separate argument, HomeAway claims that the compelled disclosure of the
identities of HomeAway customers would violate the First Amendment right to private
association. “The privacy of personal association is protected by the First and Fourteenth
Amendments of the United States Constitution. [Citations.] The freedom to associate
with the persons of one’s choice, without unwarranted governmental intervention or
interference, is divided into two components: the freedom of intimate association and the
freedom of expressive association. [Citation.]” (Pacific Union Club v. Superior Court
(1991) 232 Cal.App.3d 60, 70–71.) Intimate association is constitutionally protected as a
fundamental element of personal liberty “because ‘choices to enter into and maintain
certain intimate human relationships must be secured against undue intrusion by the
State . . . .’ [Citation.]” (Id. at p. 71.) The constitution also protects expressive
association “as an ‘indispensable means of preserving’ the liberty to ‘associate for the
purpose of engaging in those activities protected by the First Amendment—speech,
assembly, petition for the redress of grievances, and the exercise of religion. [Citations.]”
(Ibid.)
We conclude that the use of HomeAway’s platform to arrange a short-term rental
does not constitute an intimate association or an expressive association, but a commercial
17
association for the purpose of executing a business transaction. HomeAway appears to
concede that its users engage in commercial speech, but it argues that online “messages
also may contain any number of private and highly personal disclosures, including
requests for romantic restaurant ideas, daycare recommendations, Wi-Fi passwords, and
political opinions.” (Italics omitted.) We need not speculate about such matters,
however, because the 2016 subpoena does not compel HomeAway to disclose electronic
communications between owners and renters.
C. Remaining Contentions Regarding Local and State Law
Finally, HomeAway contends the 2016 subpoena is invalid because it is not
authorized by local or state law. We disagree.
The pertinent local law is article 6, section 6.4-1 of the B&TR Code
(section 6.4-1), which is titled “Records; Investigation; Subpoenas.” Section 6.4-1
imposes obligations on every taxpayer to keep business records that may be relevant to
the tax liability for a period of five years, and to comply with requests by the tax collector
to produce those records for inspection and copying. (B&TR Code, art. 6, § 6.4-1,
subds. (a)–(b).) Also, section 6.4-1 authorizes the tax collector to “order any person or
persons, whether taxpayers, alleged taxpayers, witnesses, or custodians of records, to
produce all books, papers, and records which the tax collector believes may have
relevance to enforcing compliance with the provisions of the [B&TR] Code.” And, the
Tax Collector is expressly authorized to “issue and serve subpoenas to carry out these
provisions.” (B&TR Code, § 6.4-1, subd. (f).)
We find that the tax collector acted within its authority under section 6.4-1 by
issuing the 2016 subpoena because the data he requested “may have relevance” to his
investigation regarding whether individuals who participate in short-term rentals are
complying with the City’s tax ordinances. As the City alleged in its petition, the tax
collector issued the 2016 subpoena in the course of an investigation regarding possible
noncompliance with two tax ordinances: (1) the “Tax on Transient Occupancy of Hotel
Rooms” ordinance, B&TR Code, article 7, sections 501–515.2 (the TOT ordinance); and
(2) the “Business Registration” ordinance, B&TR Code, article 12, sections 851–853.
18
HomeAway contends that the subpoena is not authorized by local law because
(1) the TOT ordinance imposes a “Hotel Tax” that cannot be lawfully applied to
HomeAway users who arrange short-term rental transactions, and (2) many of its users
may qualify for an exemption from the business certificate requirement imposed by the
Business Registration ordinance. The City disputes both of these claims. However, these
issues are beyond the scope of the present appeal; we do not need to resolve them here,
outside the context of an actual case or controversy, in order to determine whether the tax
collector acted within its authority. The pertinent local law is section 6.4-1 of the B&TR
Code, which establishes a broad standard of relevancy, confers broad investigative
authority on the tax collector, and expressly authorizes the tax collector to issue an
administrative subpoena under the circumstances presented here. This power to make
administrative inquiry is broad. (Arnett v. Dal Cielo (1996) 14 Cal.4th 4, 8.) It does not
depend on a case or controversy, but authorizes investigation “ ‘ “merely on suspicion
that the law is being violated, or even just because it wants assurance that it is not.” ’
[Citation.]” (Ibid.)
HomeAway argues that it has a due process right to challenge the tax collector’s
interpretation of the TOT ordinance in this proceeding because there is no other way for
it to bring such a challenge, as it is not the entity who will be subjected to the tax. This
argument, unsupported by authority, only highlights the fact that the issues HomeAway
attempts to litigate here are not ripe for judicial review. Indeed, the general rule is that “a
tax may be challenged only after it has been paid.” (Batt v. City and County of San
Francisco (2007) 155 Cal.App.4th 65, 71, disapproved on other ground in McWilliams
v. City of Long Beach (2013) 56 Cal.4th 613.)
Finally, HomeAway contends that the 2016 subpoena is overbroad under state
law, citing Union Pacific R.R. Co. v. State Bd. Of Equalization (1989) 49 Cal.3d 138
(Union Pacific). In that case, the Supreme Court held that “an assessee is entitled to
prepayment judicial relief from an assessor’s demand for information if the assessee can
show that the information is not reasonably relevant to the proposed tax.” (Id. at p. 147,
fn. omitted.) The court reasoned that the state constitutional ban on judicial relief prior to
19
payment of a tax applies to a tax board’s “demands for information because they are the
first step in the assessment and collection of taxes,” but that this “ ‘ban on prepayment
judicial review . . . must yield, of course, to the requirements of the federal
Constitution.’ ” (Id. at p. 146.) Union Pacific does not support HomeAway’s position in
the present case for two independent reasons. First, no tax has been assessed against
HomeAway or anyone HomeAway represents. Second, the information sought by the
2016 subpoena is reasonably relevant to the tax collector’s investigation conducted
pursuant to his authority to enforce the provisions of the B&TR Code discussed above.
Outcome: The order granting the City’s petition is affirmed. The City may recover costs of
appeal.
Plaintiff's Experts:
Defendant's Experts:
Comments: