Ashley Popa v. Harriet Carter Gifts Inc. ( 2022 )

                                         PRECEDENTIAL
UNITED STATES COURT OF APPEALS
FOR THE THIRD CIRCUIT
No. 21-2203
ASHLEY POPA,
individually and on behalf of all others similarly situated,
Appellant
v.
HARRIET CARTER GIFTS, INC., a Pennsylvania
corporation; NAVISTONE, INC., a Delaware corporation
Appeal from the United States District Court
for the Western District of Pennsylvania
(D.C. Civil Action No. 2-19-cv-00450)
District Judge: Honorable William S. Stickman, IV
Argued on June 8, 2022
Before: CHAGARES, Chief Judge, AMBRO, and
FUENTES, Circuit Judges
(Opinion Filed October 18, 2022)
Jamisen A. Etzel
Kelly K. Iverson
Gary F. Lynch (Argued)
Elizabeth Pollock-Avery
Lynch Carpenter
1133 Penn Avenue
5th Floor
Pittsburgh, PA 15222
Counsel for Appellants
Sarah A. Ballard
Paul G. Karlsgodt (Argued)
Baker & Hostetler
1801 California Street
Suite 4400
Denver, CO 80202
Carrie H. Dettmer Slye
Baker & Hostetler
312 Walnut Street
Suite 3200
Cincinnati, OH 45202
Counsel for Appellee Harriet Carter Gifts, Inc.
David W. Bertoni (Argued)
Eamonn R. C. Hart
David Swetnam-Burland
Brann & Isaacson
184 Main Street
4th Floor
P. O. Box 3070
2
Lewiston, ME 04240
Devin J. Chwastyk
McNees, Wallace & Nurick
100 Pine Street
P. O. Box 1166
Harrisburg, PA 17101
Counsel for Appellee NaviStone, Inc.
OPINION OF THE COURT
AMBRO, Circuit Judge
This case began with a quest for pet stairs. Searching
for that item, Ashley Popa browsed the website of Harriet
Carter Gifts, added a set of stairs to her cart, but then left the
website without making a purchase. That might have been the
end of it. But she later discovered that, unbeknownst to her as
she was browsing the website, a third-party marketing service
Harriet Carter was using, NaviStone, tracked her activities
across the site. This, Popa believed, violated Pennsylvania’s
anti-wiretapping law, and she sued both entities (collectively,
the “Defendants”) in a Pennsylvania court (though they later
removed the case to federal court).
Pennsylvania’s       Wiretapping       and      Electronic
Surveillance Control Act (“WESCA” or “Act”), 18 Pa. C.S.
§ 5701 et seq., prohibits the interception of wire, electronic, or
oral communications, which means it is unlawful to acquire
3
those communications using a device. The District Court
granted summary judgment for NaviStone and Harriet Carter.
It held NaviStone could not have “intercepted” Popa’s
communications because it was a “party” to the electronic
conversation. Alternatively, it ruled that if any interception did
occur, it happened outside Pennsylvania’s borders; thus the Act
did not apply. As we read Pennsylvania law differently on both
holdings, we vacate the Court’s ruling and remand.
I. Background
In 2018, Ashley Popa used her iPhone to view Harriet
Carter Gifts’ website. A pop-up window asked for her email
address, which she provided. She searched for pet stairs, added
a set to her cart, and began (but never completed) the checkout
process.
There was more to that online interaction than met the
eye. As Popa clicked links, used the search function, and
tabbed through form fields on the website, her browser
simultaneously communicated with two entities: Harriet Carter
(this Popa obviously knew) and a third-party marketing
service, NaviStone, that it was using (this Popa did not know).
Her communications with Harriet Carter told the website what
to display on her screen and what to place in her cart. The
messages to NaviStone alerted it to how Popa was interacting
with the website (which pages she visited, when she filled in
an email address, when she added an item to her cart, and so
on).
The testimony and evidence are technical about how
these communications were sent, but the important points for
our purposes are not. When Popa—or any other user at that
time—loaded the Harriet Carter website, her browser sent a
4
“GET request” to the Harriet Carter server. The server
responded by sending HTML code to Popa’s browser. The
browser interpreted this code to allow the website to appear on
her screen. Harriet Carter’s HTML code also included some
JavaScript that told Popa’s browser to send another GET
request to NaviStone’s server in Virginia. That server
responded by sending its own “OneTag” code to Popa’s
browser. Once her browser loaded the OneTag code, two
things happened. First, the code placed cookies on Popa’s
browser so that her activity on the webpage had an associated
visitor ID. Second, the code told Popa’s browser to begin
sending information to NaviStone as Popa navigated through
the Harriet Carter website, such as communicating that she had
clicked the “add to cart” button or tabbed out of a form field.
NaviStone could later use this information to identify which of
Harriet Carter’s customers may be receptive to promotional
mailings.
In 2019, Popa sued Harriet Carter and NaviStone over
their use of the OneTag software. She brought two counts: a
claim for violation of the WESCA and a common law claim
for invasion of privacy. The District Court dismissed the
common law claim but allowed the WESCA claim to go to
summary judgment. As noted, the Court then ruled for the
Defendants. Popa now appeals.1
1
The District Court exercised diversity jurisdiction under 

(d)(2). Popa appeals the Court’s grant of
summary judgment, so we have jurisdiction under 

.
5
II. Standard of Review
We give a fresh (that is, de novo) review to the District
Court’s grant of summary judgment, viewing the facts and
making all reasonable inferences in the non-movant’s favor.
TitleMax of Del., Inc. v. Weissmann, 

, 236 n.3 (3d
Cir. 2022). Summary judgment is appropriate if “there is no
genuine dispute as to any material fact and the movant is
entitled to judgment as a matter of law.” Fed. R. Civ. P. 56(a).
When asked to interpret provisions of Pennsylvania
law, “the decisions of the Pennsylvania Supreme Court are the
authoritative source.” Spence v. ESAB Grp., Inc., 

, 216 (3d Cir. 2010). If there is no controlling decision, our
task is to predict how that Court would rule on an issue. 

That prediction may be informed by “decisions of state
intermediate appellate courts, of federal courts interpreting that
state’s law, [] of other state supreme courts that have addressed
the issue,” and other sources “tending convincingly to show
how the highest court in the state would decide the issue at
hand.” 

 at 216–17 (internal quotation marks omitted).
III. Discussion
The WESCA offers a private civil cause of action to
“[a]ny person whose wire, electronic or oral communication is
intercepted, disclosed or used in violation of [that statute]”
against “any person who intercepts, discloses or uses or
procures any other person to intercept, disclose or use, such
communication.” 18 Pa. C.S. § 5725(a). In other words, it
prohibits intercepting communications while allowing
someone whose communications have been intercepted to sue
the offender. It also operates in conjunction with and as a
supplement to the Federal Wiretap Act, 

 et
6
seq., which provides uniform minimum protections for wire,
electronic, or oral communications.         The States—like
Pennsylvania—may “grant greater, but not lesser, protection
than that available under federal law,” as the WESCA does.
Commonwealth v. Spangler, 

, 237 (Pa. 2002).
Popa, here proceeding only under Pennsylvania’s Act,
contends that NaviStone violated that statute by intercepting
her communications with Harriet Carter Gifts’ website.
Harriet Carter, in turn, also violated the Act, she asserts, by
“procur[ing] any other person [i.e., NaviStone] to intercept”
her communications. 18 Pa. C.S. § 5725. The Defendants,
though, argue that under Pennsylvania law no interception can
occur when the communications are received by a direct party,
which they say NaviStone was. Plus they make two alternative
arguments: first, even if they did intercept Popa’s
communications, the WESCA does not reach their conduct
because any interception occurred outside the Commonwealth;
and second, they had Popa’s implied consent to intercept. We
address each argument in turn.
A.
NaviStone and Harriet Carter are liable to Popa only if
NaviStone “intercepted” Popa’s communications. 18 Pa. C.S.
§ 5725(a). An “intercept” is a term of art in the wiretap
context. Though in normal conversation it means to “stop,
seize, or interrupt in progress”—such as when a safety jumps
between the quarterback and wide receiver to break up a pass—
the WESCA gives the word a “broader connotation than the
ordinary meaning.” In re Google Inc. Cookie Placement
Consumer Priv. Litig., 

, 144 n.80 (3d Cir. 2015)
(interpreting the identical portion of the Federal Wiretap Act’s
definition of “intercept”) (internal quotation marks omitted).
7
Under Pennsylvania’s Act, it is just the “[a]ural or other
acquisition of the contents of any wire, electronic or oral
communication through the use of any electronic, mechanical
or other device.”2 18 Pa. C.S. § 5702.
The WESCA’s use of “intercept” thus reduces to
acquiring certain communications using a device. And based
on just that definition, anyone could “intercept”
communications, including people who “acquire” a text
message or chat sent to them. The Defendants, though, argue
that Pennsylvania courts have added a gloss to the Act’s
statutory definition, making it so that no interception occurs
when a direct recipient is the one acquiring the
communications. Because, they claim, NaviStone was a direct
party to Popa’s communications, they are free from all liability.
For years, Pennsylvania courts routinely determined in
criminal suppression cases that no interception had occurred
under the WESCA when the alleged “interceptor” was the
direct recipient of a communication. Two Pennsylvania cases
illustrate this.
In the first, Commonwealth v. Proetto, a defendant was
convicted of criminal solicitation (among other things) based
on his internet chatroom messages with a 15-year-old girl. 

, 826–27 (Pa. Super. Ct. 2001). E.E., the victim,
saved her online conversations with the defendant and handed
them over to the police. 

. Later, when a detective
entered the chatroom impersonating another 15-year-old girl,
he logged messages the defendant sent “her” asking for a nude
video in exchange for nude photos of himself. 

. The
2
The Federal Wiretap Act’s definition uses identical language
for “intercept.” 

(4).
8
defendant later tried to suppress the evidence of his chat logs,
claiming the police obtained them in violation of the WESCA.

The Pennsylvania Superior Court held the Act was not
in play because the communications were not “intercepted.”

 at 828–29, 831–32. Particularly, the detective’s use of the
chatroom was not an “interception” because he was the
“intended recipient of [the defendant’s] communications,”
even if he misrepresented his true identity. 

. Thus
when “a party receives information from a communication as
a result of being a direct party to the communication, there is
no interception.” 

In the second case, Commonwealth v. Cruttenden, the
Pennsylvania Supreme Court reaffirmed Proetto’s holding:
when something is communicated to a direct recipient, there is
“no eavesdropping or listening in,” so “no interception [could
take] place.” 

, 100 (Pa. 2012). In that case, an
officer used the phone of the defendant’s accomplice to text the
defendant about a drug deal. 

. Posing as the
accomplice, the officer answered several questions from the
defendant to confirm his identity before the defendant began to
confide in him. 

 When those text messages were later used
at trial, the defendant tried to suppress them as violations of the
WESCA. 

.
The Pennsylvania Supreme Court, relying at length on
Proetto, held that there was no WESCA violation because the
officer was the “intended recipient” of the communication. 

. “That a police officer does not identify him- or herself,
or misrepresents his or her identity, does not change the fact
that he or she is a direct party to the conversation, and by virtue
of being a direct party to the conversation, is deemed the
9
intended recipient of the conversation under whatever identity
the officer has set forth.” 

If these cases stood alone, their expansive language
would, as the Defendants argue, suggest Pennsylvania courts
have carved out direct recipients from the WESCA’s reach.
But they aren’t the last word on the issue.
In 2012, a new set of the Pennsylvania General
Assembly’s amendments to the WESCA went into effect,
including an expanded definition of “intercept.” That
definition now reads (with the added language underlined):
“Intercept.” Aural or other acquisition of the
contents of any wire, electronic or oral
communication through the use of any
electronic, mechanical or other device. The term
shall include the point at which the contents of
the communication are monitored by
investigative or law enforcement officers. The
term shall not include the acquisition of the
contents of a communication made through any
electronic, mechanical or other device or
telephone instrument to an investigative or law
enforcement officer, or between a person and an
investigative or law enforcement officer, where
the investigative or law enforcement officer
poses as an actual person who is the intended
recipient of the communication, provided that
the Attorney General, a deputy attorney general
designated in writing by the Attorney General, a
district attorney or an assistant district attorney
designated in writing by a district attorney of the
county wherein the investigative or law
10
enforcement officer is to receive or make the
communication has reviewed the facts and is
satisfied that the communication involves
suspected criminal activities and has given prior
approval for the communication.
18 Pa. C.S. § 5702.
The third sentence is a key change. In adding it, the
specific facts and holdings of Proetto and Cruttenden—
exempting a law enforcement officer from liability for
acquiring communications when he is an “intended recipient”
or is posing as one—are now explicitly included as a carve-out
in the definition of “intercept.” Id. But this also limits the
expansive reach of those cases.
The “inclusion of a specific matter in a statute implies
the exclusion of other matters” under the expressio unius est
exclusio alterius (the expression of one thing is the exclusion
of the other) canon of statutory interpretation. Atcovitz v.
Gulph Mills Tennis Club, Inc., 

, 1223 (Pa.
2002); see also Andrus v. Glover Constr. Co., 

,
616–17 (1980) (“Where Congress explicitly enumerates
certain exceptions to a general prohibition, additional
exceptions are not to be implied, in the absence of evidence of
a contrary legislative intent.”). Thus inclusion of one
exception implies the deliberate exclusion of another. Here the
Pennsylvania legislature decided to codify a specific, narrow
intended-recipient exemption for law enforcement, limiting
Proetto and Cruttenden to their facts. This implies it chose to
reject the broader implications of those cases.
The Pennsylvania legislature had the opportunity to
adopt the expansive language from those opinions. And it had
11
a prototype for a direct-party exception in the Federal Wiretap
Act. See 

(2)(d) (“It shall not be unlawful
under this chapter for a person not acting under color of law to
intercept a wire, oral, or electronic communication where such
person is a party to the communication or where one of the
parties to the communication has given prior consent to such
interception.” (emphasis added)). Still it codified only a law-
enforcement exception, thus limiting any direct-party
exception to that context.3 And even that exception was
narrower than the Proetto exception or that of the Federal
Wiretap Act. The text shows that, even for law enforcement,
being a direct party is not enough to exempt officers from
liability: they must also have the prior approval of a
supervising official to make their actions lawful.
3
The Defendants argue we should not read the 2012
amendment as a rejection of a broad direct-party exception.
They believe the Pennsylvania legislature enacted the
amendment “to address a narrow issue relating to police
activity arising out of the Cruttenden case, and specifically to
undo a lower court decision in that case” that seemed to
undermine Proetto. Defs.’ Suppl. Br. at 1. Though we agree
the legislative history cited by the Defendants suggests the
Pennsylvania legislature enacted the 2012 amendment to
preserve the Proetto exception, we disagree with their
conclusion that this means the legislature preserved the broader
exception in those cases. When it codified Proetto, it did not
choose to codify the broader language from that opinion, as it
could have. Had it truly wished to preserve everything Proetto
implied, it could have codified a direct-party exception like the
one in the Federal Wiretap Act.
12
Indeed, the broader exception the Defendants ask us to
read into the statute conflicts with the rest of the Act. It excepts
a range of conduct from the general bar against wiretapping.
See 18 Pa. C.S. § 5704. One exception makes it lawful for “[a]
person, to intercept a wire, electronic or oral communication,
where all parties to the communication have given prior
consent to such interception.” Id. § 5704(4) (emphasis added).
If, as the Defendants argue, a party to a communication may
lawfully intercept it without the other person’s consent just
because it is a “direct party” to that communication, the all-
party consent requirement would disappear.4
Resisting this outcome, Defendants contend that
Commonwealth v. Diego, a criminal suppression case decided
by Pennsylvania’s intermediate appellate court after the 2012
amendments, revived a sweeping direct-party exception to the
WESCA. See 

 (Pa. Super. Ct. 2015). We
disagree.
Diego involved a text message conversation between
two consenting participants that was later “subsequently
relayed” by one of them to the police after “the communication
ha[d] ended.” 

. The Court allowed the text message
into evidence, as the recipient (Still) “control[led] the destiny
4
To give another example, the WESCA creates an exception
for an interception by a law enforcement officer where the
officer is a party to the communication and the other party is
either holding a hostage or has barricaded himself to avoid
apprehension and that party either may resist with the use of
weapons or is threatening harm to himself or others. See 18
Pa. C.S. § 5704(12). This exception shows it is simply not
enough for the person making the interception to be a direct
party to the communication.
13
of the content of that message once it [was] received.” Id. at
378. As such, the defendant (Diego) “lacked a reasonable
expectation of privacy in the text message conversation he had
with Still.” Id.
Considering that the WESCA “is to be strictly construed
to protect individual privacy rights,” Com. v. Shreffler, 

, 764 (Pa. Super. Ct. 2018), we do not hesitate to limit
the holding in Diego to the facts of that case. Though it
mentions Diego and Still communicating “directly” by text
messages and Still “relay[ing]” those messages to the police,
that is hardly enough to resurrect a broad direct-party
exception. 119 A.3d at 380–81. We therefore discern no
principled basis to rule that Diego authorizes, absent consent,
the kind of surreptitious tracking that occurred here.
The Pennsylvania Superior Court apparently agrees
with us. It has since reframed Diego as a consented intercept
case rather than a case not involving an intercept. See
Commonwealth v. Byrd, 

, at *5 & n.16 (Pa.
Super. Ct. Mar. 26, 2018) (citing Diego for the proposition that
“[t]he mutual consent exception [in Section 5704(4)] permits
interception of conversations in instances where the defendant
‘knew, or should have known, that the conversation was
recorded’”) (emphasis added). This reframing, when paired
with our analysis of the WESCA’s plain language and statutory
history, persuades us the Pennsylvania Supreme Court would
rule that there is no sweeping direct-party exception to civil
liability under the WESCA.5 See Covington v. Cont’l Gen.
Tire, Inc., 

, 218 (3d Cir. 2004). Thus NaviStone
5
We thus need not consider Popa’s argument that NaviStone
was not a direct party, as NaviStone could remain liable
whether a direct party or not.
14
and Harriet Carter cannot avoid liability merely by showing
that Popa unknowingly communicated directly with
NaviStone’s servers.6
B.
This leads to our next question: when NaviStone
intercepted Popa’s electronic communications, where did that
interception occur?       The answer is important because
Pennsylvania courts have declined to extend the WESCA to
cover conduct occurring wholly outside the Commonwealth—
at least in the context of recording telephone conversations.
Larrison v. Larrison, 

, 898 (Pa. Super. Ct. 2000).
When a person in New York, for example, tape records a phone
call with someone in Pennsylvania, the WESCA does not apply
because the Commonwealth has “no power to control the
activities that occur within a sister state.” 

6
This of course contrasts with our decisions involving the
Federal Wiretap Act in In re Google Inc. Cookie Placement
Consumer Privacy Litigation, 

 (3d Cir. 2015), and
In re Nickelodeon Consumer Privacy Litigation, 

(3d Cir. 2016), both written by Judge Fuentes, a member of the
panel here. There we decided the defendants were not liable
under the Federal Wiretap Act because the users’ browsers sent
GET requests directly to the defendants, making them “parties”
to the communication. In re Google, 806 F.3d at 142–43; In re
Nickelodeon, 827 F.3d at 274. As we already mentioned, the
Federal Wiretap Act—unlike the WESCA—has an explicit
direct-party exemption. See 

(2)(d). So we
reached a different conclusion in those cases by applying that
exemption. In re Google, 806 F.3d at 142–43; In re
Nickelodeon, 827 F.3d at 274.
15
There are two possible “intercept” points here. One,
which the District Court recognized and the Defendants now
argue for, is when Popa’s electronic communications reached
their final destination at NaviStone’s servers in Virginia. If this
is the sole point of interception, then we would need to conduct
a choice-of-law analysis to determine whether the WESCA
should reach this conduct. See id. The other, pushed by Popa,
is when the electronic communications were sent from Popa’s
browser to NaviStone without her knowledge. She asserts this
occurred within Pennsylvania’s borders. If so under her
theory, Pennsylvania law should apply.
The WESCA does not demarcate where an interception
occurs. Yet we know from the statute’s definition that an
interception involves the “[a]ural or other acquisition of the
contents of any wire, electronic or oral communication through
the use of any electronic, mechanical or other device.” 18 Pa.
C.S. § 5702. And while the statute does not further define
“acquisition,” we can apply the word’s “common and approved
usage.” 1 Pa. C.S. § 1903(a). “Acquisition” means “the act of
acquiring.” Webster’s New Collegiate Dictionary 11 (1977).
And “acquire,” in turn, means “to come into possession or
control of,” id., or to “gain [or] obtain,” The Oxford Dictionary
of English Etymology 9 (1966). The result is that an
interception occurs where there is an act taken to gain
possession of communications using a device.
Sometimes that place is obvious. Picture the days
before wireless communication when police tapped a phone
line by cutting the telephone wire that carried the conversation
from one line to the other and adding a wire to the officer’s
own phone. There, cutting the wire and attaching another one
is clearly an act taken to gain possession of the wire
communication, and thus an intercept occurred where that wire
16
was cut. This tracks the holdings of several federal courts of
appeals interpreting the identical portion of the federal
definition of “intercept”: when the contents of a
communication are “captured or redirected in any way, an
interception occurs at that time.” United States v. Rodriguez,

, 136 (2d Cir. 1992); see also, e.g., United States
v. Denman, 

, 403 (5th Cir. 1996). So, in the
telephone wiretap context, the “jurisdiction in which the to-be-
tapped telephone is located” is one certain place where an
interception occurred, for that is where the communications are
rerouted, whether the listener is in the state or not. Rodriguez,

; see also United States v. Luong, 

, 1109 (9th Cir. 2006).
Electronic communications are similarly “intercepted”
when software reroutes communications to an interceptor.
Take the Sixth Circuit case, Luis v. Zang, 

 (6th
Cir. 2016).       A jealous husband installed software,
WebWatcher, on his wife’s computer so he could monitor her
online conversations. 

 at 623–24. Once installed, it would
“automatically acquire[] and transmit[] communications” such
as emails and chat messages to the software manufacturer,
Awareness, at its servers in California. 

. A man with
whom the wife was communicating sued Awareness after his
online communications were directed to its servers. 

.
Though Awareness tried to argue that the husband, not it, had
intercepted the communications by later viewing them, the
Sixth Circuit disagreed. 

. The “intercept of a
communication,” it said, “occur[red] at the point where
WebWatcher—without any active input from the user—
capture[d] the communication and reroute[d] it to Awareness’s
own servers.” 

 As with tapped phones, Awareness
17
“‘acquire[d]’ the communications by rerouting them to servers
that it owns and controls.” 7 

 (emphasis added).
So NaviStone intercepted Popa’s communications at the
point where it routed those communications to its own servers.
And that was at Popa’s browser, not where the signals were
received at NaviStone’s servers. The Defendants’ own
evidence details how NaviStone went about obtaining the
communications. It provided JavaScript code to Harriet Carter
to install on its website. This code would “begin[] to run when
the website page, which includes the code, [was] fully rendered
and loaded in the visitor’s web browsing software.” Appx. at
189. Then, when the user interacted with the website in
specific ways (such as by adding an item to a cart or tabbing
out of a form field), “the code cause[d] certain
communications to be sent from the visitor’s web browser
directly to NaviStone.” 

 (emphasis added); see also

 at 189–91 (detailing which communications triggered
messages to NaviStone). Thus when the code—the rerouting
device at issue8—told Popa’s browser to send communications
7
That is not to say that an interception fails also to occur where
the information is ultimately received by the “listener.” Our
Circuit has also adopted the “listening post” theory—at least
for federal wiretaps—which holds that an interception can take
place also where the contents of the communication are heard
by law enforcement officers. United States v. Jackson, 

, 551 (3d Cir. 2017). Whether this theory extends to
the WESCA or electronic communications is another question
for another day.
8
The Defendants do not argue on appeal that the JavaScript on
Harriet Carter’s website is not a “device.” We therefore
assume for the purposes of this opinion that it is.
18
to NaviStone and those electronic signals were routed to
NaviStone’s servers, an interception occurred.9
The problem, though, is we still don’t know exactly
where Popa’s browser accessed the Harriet Carter website and
where NaviStone’s JavaScript began telling the browser to
communicate with its servers. The parties seem to assume this
occurred in Pennsylvania, but they point us to no source in the
record confirming this point. We therefore leave it to the
9
The Defendants argue against this interpretation of the statute,
invoking the constitutional-doubt canon. Specifically, they
urge that “[a]pplying WESCA to NaviStone based on conduct
that occurred wholly outside of Pennsylvania would have the
‘practical effect’ of regulating commerce occurring wholly
outside Pennsylvania and would thus violate the Commerce
Clause.” Defs.’ Br. at 44.
We decline to apply this canon for two reasons. First,
before it “may be used, there must exist a doubt as to the
meaning of the statute.” United States v. Grier, 

,
567 n.7 (3d Cir. 2007); see also 1256 Hertel Ave. Assocs., LLC
v. Calloway, 

, 261 (2d Cir. 2014) (“Application
of the [constitutional-doubt] canon requires that the statute in
question be genuinely susceptible to at least two
interpretations . . . .”). And here there is no genuine doubt
about the plain meaning of the statute. Second, we need not
apply this canon when “a constitutional question, while lacking
an obvious answer, does not lead a majority gravely to doubt
that the statute is constitutional.” Almendarez-Torres v. United
States, 

, 239 (1998). Though the Defendants raise
interesting constitutional issues about the States’ ability to
regulate internet communications more generally, we do not
have grave doubts as to the constitutionality of the WESCA.
19
District Court to determine anew whether there is a genuine
issue of material fact about where the interception occurred.
While we do not resolve this question in this appeal, we do hold
that the place of interception is the point at which the signals
were routed to NaviStone’s servers.10
C.
So does this mean websites can never use cookies or
third-party marketing companies to analyze customer data?
Though the Defendants try to convince us about the certainty
of any number of “parade of horribles,” the WESCA is not so
unreasonable. It, like the Federal Wiretap Act, includes many
exceptions from liability. One is the all-party consent
exception, under which it is not unlawful for someone to
“intercept a wire, electronic or oral communication, where all
parties to the communication have given prior consent to such
interception.” 18 Pa. C.S. § 5704(4). Thus if someone
consents to the interception of her communications with a
website, the WESCA does not impose liability. Here the
Defendants obviously consented to the interception. The
question is whether Popa did as well.
10
We note that the Defendants’ interpretation of the statute
(that communications are only intercepted when received at the
server) would also lead to absurd results. Under this theory,
companies could capture the data of people in other states as
long as they parked their servers in a state with weak privacy
protections. That would significantly undermine the privacy
protection that is at the core of the WESCA and would be
inconsistent with the General Assembly’s intent.           See
Spangler, 809 A.2d at 237 (discussing how the WESCA
“emphasizes the protection of privacy”).
20
The Defendants argue Popa impliedly consented to the
interception because Harriet Carter included a privacy policy
on the website when she visited. Though Popa claims she
never saw the policy, the Pennsylvania Supreme Court has said
that “prior consent” in § 5704(4) does not require “actual
knowledge.” Commonwealth v. Byrd, 

, 319 (Pa.
2020). Prior consent, including implied consent, “can be
demonstrated when the person being recorded knew or should
have known[] that the conversation was being recorded.” 

(internal quotation marks omitted).
Because the District Court granted summary judgment
on other grounds, it never addressed whether Harriet Carter
posted a privacy policy and, if so, whether that policy
sufficiently alerted Popa that her communications were being
sent to a third-party company. The Defendants assert the
privacy policy adequately alerted a reasonable person to the
interception; hence Popa’s conduct using the Harriet Carter
website demonstrated she consented. Popa disagrees that the
policy went far enough and, alternatively, contends there is a
genuine issue of material fact about whether this policy even
existed at the time she visited the Harriet Carter website.11
These are arguments that should be addressed first by
the District Court. We generally decline to resolve issues not
decided by a district court, choosing instead to allow it to
decide in the first instance. Forestal Guarani S.A. v. Daros
Int’l, Inc., 

, 401 (3d Cir. 2010). And this is
particularly appropriate here because there are unresolved
11
Though a senior Harriet Carter employee attested in a
declaration that the privacy policy was on the website during
the relevant period, later in a deposition he said he could not
provide the privacy policy as it existed in 2018.
21
disputes about the evidence supporting the Defendants’
privacy policy arguments. See Doc. 97 (Popa objecting to
portions of the declarations of Larry Kavanagh, Chris Ludwig,
and Greg Humphreys, including challenging parts discussing
the privacy policy); Appx. at 21 (denying as moot Popa’s
evidentiary objections). These objections will need to be
resolved before determining whether the Defendants are
entitled to summary judgment on the basis of Harriet Carter’s
privacy policy.
*      *      *
The WESCA “emphasizes the protection of privacy.”
Spangler, 809 A.2d at 237. Consistent with that emphasis, it
applies when anyone intercepts communications—that is,
takes an action to acquire them with a device. And it requires
all parties—not just a party—to consent to that interception.
As we part with the District Court’s holding that NaviStone is
exempt from liability because it was a direct party to Popa’s
communications and that interception only occurred at the site
of NaviStone’s servers in Virginia, we vacate the Court’s order
granting summary judgment and remand for further
consideration.
22