F I L E D
United States Court of Appeals
Tenth Circuit
UNITED STATES COURT OF APPEALS
FEB 23 2004
TENTH CIRCUIT
PATRICK FISHER
Clerk
MARY HELEN MILLER, on behalf of
herself and all others similarly
situated,
Plaintiff - Appellant/Cross- Nos. 02-1007 and 02-1031
Appellee, (Colorado)
(D.Ct. No. 99-S-481)
v.
IMAGE DATA LLC,
Defendant - Appellee/Cross-
Appellant,
and
ROBERT C. HOUVENER,
individually and in his official
capacity,
Defendant.
ORDER AND JUDGMENT *
Before EBEL, Circuit Judge, PORFILIO, Senior Circuit Judge, and O’BRIEN,
Circuit Judge.
*
This order and judgment is not binding precedent except under the doctrines of
law of the case, res judicata and collateral estoppel. The court generally disfavors the
citation of orders and judgments; nevertheless, an order and judgment may be cited under
the terms and conditions of 10th Cir. R. 36.3.
Mary Helen Miller brought suit against Image Data LLC alleging violations
of the Driver’s Privacy Protection Act (“Driver’s Privacy Act”), 18 U.S.C. §§
2721-2725, and Colo. Rev. Stat. § 42-1-206. 1 Both Miller and Image Data filed
motions for summary judgment. The court granted Image Data’s motion, denied
Miller’s, and, in a separate judgment, ordered each party to pay its own fees and
costs. Miller appeals the district court’s grant of summary judgment to Image
Data and the denial of her motion, while Image Data cross-appeals the court’s
determination of costs. Exercising jurisdiction under 28 U.S.C. § 1291, we
AFFIRM the district court’s ruling on summary judgment and REVERSE and
REMAND its ruling on costs.
I. Background
Image Data is a high tech start-up company formed to commercially
develop its True ID® system technology. The technology allows an individual’s
digitized photographic image to be displayed on a small monitor at the point of a
transaction, enabling identity verification. Soon after the company’s formation,
its principals engaged in discussions with federal and state government officials,
including Colorado, to tout the potential of their technology in preventing identity
fraud. These discussions culminated in several contracts relevant to this case.
1
Colo. Rev. Stat. § 42-1-206 was repealed by Laws 1999, Ch. 298, § 4, eff. Aug.
4, 1999; deleted by Laws 1999, Ch. 118, § 3, eff. April 16, 1999) after a public outcry
regarding the security and potential use of the information sold to Image Data.
-2-
One contract involved Image Data and the United States Secret Service, the
federal agency primarily responsible for combating identity-based crimes. After
Image Data spoke with several federal legislators regarding the scope of identity
fraud and potential solutions to the problem, Congress earmarked $1.46 million
dollars in October 1997 (federal fiscal year 1998) to fund a pilot project testing
the possible technological approach to the problem. The funds were appropriated
to the Secret Service, who in turn, contracted with Image Data in late 1997 to
implement a pilot project. The project was designed with two objectives: (1) to
“show the technical and financial feasibility of using remotely stored digital
portrait images to securely perform positive identification of patrons putting forth
financial instruments for negotiation or identity documents for access to
services[,]” and (2) to “demonstrate how the technology can be used to prevent
the issuance and use of counterfeit driver licenses at the state level . . . . ” (App.
Vol. I, p. 136.) The parties disagree whether Image Data informed the Colorado
officials of the ongoing negotiations for the Secret Service pilot project.
While Image Data was cultivating the federal contract, it was also in
discussions with Colorado officials regarding the purchase of the data found on
Colorado drivers’ licenses. Because the Colorado officials wanted to be sure the
purchase was legally valid, they proposed legislation which was passed in 1997,
Colo. Rev. Stat. § 42-1-206. Subsection (3)(a) of that statute allowed the sale of
-3-
driver’s license information “if such items are to be used solely for the prevention
of fraud, including, but not limited to, use in mechanisms intended to prevent the
fraudulent use of credit cards, debit cards, checks, or other forms of financial
transactions.”
Following passage of the legislation, on November 14, 1997, Image Data
and the State of Colorado entered into a contract to allow Image Data to purchase
from the Colorado Department of Motor Vehicles (DMV), “copies of
photographs, electronically stored photographs, or digitized images from driver’s
license records and to sell the companion demographic data for identity
verification to prevent fraud . . . .” 2 (App. Vol. I, p. 82.) The contract echoed the
language found in Colo. Rev. Stat. 42-1-206(3)(a) to establish the parameters of
the sale.
Miller, a Colorado resident with a valid driver’s license and whose DMV
information was presumably sold to Image Data, brought suit alleging Image
Data: 1) procured information from the DMV for purposes other than the
prevention of financial fraud in violation of the Driver’s Privacy Act, 18 U.S.C. §
2
The two types of data identified in the contract include “image data” and
“demographic data.” (App. Vol. I, p. 83.) Image data is defined as “all images possessed
by the state or its agents of the holders of Colorado drivers licenses and state
identification cards . . .” (Id.) “Demographic data” is defined as the data appearing on the
face of the card, including “the holder’s name, address, . . . card number, social security
number, date of birth, sex, height, weight, hair color and eye color . . . .” (Id.)
-4-
2722(a), and Colo. Rev. Stat. § 42-1-206 (3)(a); and 2) obtained the DMV
information without disclosing its involvement with the Secret Service in
violation of § 2722(b). 3 The district court concluded Image Data’s proposed use
of the DMV information was permitted under § 2722(a), and Miller could not
assert a private cause of action under § 2722(b). This appeal and cross appeal
followed.
II. Standard of Review
We review rulings on summary judgment de novo applying well-settled
standards. Koch v. Koch Indus., Inc., 203 F.3d 1202, 1212 (10th Cir.), cert.
denied, 531 U.S. 926 (2000). Summary judgment is appropriate "if the pleadings,
depositions, answers to interrogatories, and admissions on file, together with the
affidavits, if any, show that there is no genuine issue as to any material fact and
that the moving party is entitled to a judgment as a matter of law." Fed. R. Civ.
P. 56(c).
III. Driver’s Protection Privacy Act
“The DPPA [Driver’s Privacy Act] regulates the disclosure and resale of
personal information contained in the records of state DMV’s by limiting the
3
Miller also filed suit against Robert Houvener, former president of Image Data,
in his individual and official capacities. The district court dismissed her claim against
Houvener with prejudice. This ruling is not challenged on appeal.
-5-
state’s ability to disclose a driver’s personal information without her consent. 4
Reno v. Condon, 528 U.S. 141, 143-44 (2000). This prohibition extends to the
state and to persons who have obtained the information from the state. Id. at 146
(citing 18 U.S.C. § 2721(c)). However, the restricted disclosure of personal
information is subject to a number of mandatory and permissive statutory
exceptions. 5 18 U.S.C. § 2721(b)(1)-(14).
Section 2722 defines unlawful acts as follows:
(a) Procurement for unlawful purpose. – It shall be unlawful for any
person knowingly to obtain or disclose personal information, from a
motor vehicle record, for any use not permitted under section 2721(b)
of this title.
(b) False representation. – It shall be unlawful for any person to
make false representation to obtain any personal information from an
individual’s motor vehicle record.
The Driver’s Privacy Act authorizes a private right of action in federal court when
“[a] person . . . knowingly obtains, discloses or uses personal information, from a
motor vehicle record, for a purpose not permitted under this chapter” and the
Such consent cannot be implied, but must be affirmatively obtained. Reno v.
4
Condon, 528 U.S. 141, 144-45 (2000).
5
The Driver’s Privacy Act mandates certain information regarding various matters
in connection with motor vehicles shall be disclosed “to carry out the purposes of [T]itles
I and IV of the Anti-Car Theft Act of 1992, the Automobile Information Disclosure Act
(15 U.S.C. 1231 et seq.), the Clean Air Act (42 U.S.C. 7401 et seq.), and chapters 301,
305, and 321331 of [T]itle 49. . . .” 18 U.S.C. § 2721(b).
-6-
information pertains to the individual bringing suit. 18 U.S.C. § 2724.
A. 18 U.S.C. § 2722(a) & Colo. Rev. Stat § 42-1-206
Miller maintains Image Data violated Colo. Rev. Stat. § 42-1-206 (and as a
result, the Driver’s Privacy Act) because the Colorado statute limits the sale of
personal information solely for use in preventing financial fraud. She contends
the contract between Image Data and the Secret Service regarding the True ID®
technology could and would be used for purposes beyond preventing financial
fraud, 6 and therefore, the data was procured for a purpose not permitted under the
Driver’s Privacy Act. We disagree.
Image Data admits its True ID® technology could be utilized for any
number of purposes, including purposes beyond those raised by Miller. However,
the record indicates no reasonable factual dispute as to Image Data’s purpose in
procuring the DMV information. Image Data’s application for the pilot project
and the contractually-required reports to the Secret Service establish the
technology was used to prevent financial fraud. Even considering the potential
uses of the technology, Image Data did not violate either state or federal statute.
Colorado law provides DMV information may be sold “solely for the prevention
of fraud, including, but not limited to, use in mechanisms intended to prevent
6
Miller identifies purposes such as “insurance and medicaid fraud; terrorism;
underage drinking; drug crimes; government payments fraud; border-jumping . . . airlines
and [] gun control.” (Appellant Br., p. 22.)
-7-
the fraudulent use of credit cards, debit cards, checks, or other forms of financial
transactions.” Colo. Rev. Stat. § 42-1-206 (emphasis added). The term “fraud”
as used in the statute is not limited by context or express definition and thus takes
on its “generic meaning that includes virtually any kind of deception or unfair
way of inducing another to surrender rights or property.” In re Attorney D., 57
P.3d 395, 402 (Colo. 2002); see also Black’s Law Dictionary (7th Ed. 1999)
(Fraud is “[a] knowing misrepresentation of the truth or concealment of a material
fact to induce another to act to his or her detriment . . . . [a] misrepresentation
made recklessly without belief in its truth to induce another person to act.”).
Image Data’s “identity verification” or “identity fraud” applications were
ultimately intended to prevent fraud, financial and otherwise, by preventing the
deceptive use of a false identity. Consequently, Image Data did not procure the
Colorado DMV information in violation of Colorado law.
Moreover, the permissive disclosure exceptions found in 18 U.S.C.
§ 2721(b) include a broad range of purposes aimed at preventing fraud generally.
The various types of “identity-verification” or “identity-fraud” objected to by
Miller fall squarely within several of the Driver’s Privacy Act’s fourteen
permissive disclosure exceptions. Driver’s license information may be sold for
“use by any government agency . . . or any private person or entity acting on
behalf of a Federal, State, or local agency in carrying out its functions . . . .” 18
-8-
U.S.C. § 2721(b)(1). The information may also be sold for use in the normal
course of business by a business, or its agents, employees or contractors to verify
the accuracy of personal information submitted by the individual to the business.
18 U.S.C. § 2721(b)(3)(A). Further, this section specifically allows “[a]n
authorized recipient of personal information [with certain exceptions not
applicable here to] resell or redisclose the information only for a use permitted
under subsection (b) . . . .” 18 U.S.C. § 2721(c).
Because the permitted uses of DMV information are not limited to the
prevention of financial fraud, but include the present and potential applications of
Image Data’s True ID® technology, Image Data did not violate § 2272(a) or Colo.
Rev. Stat. § 42-1-206. We therefore affirm the district court’s grant of summary
judgment on this claim.
B. 18 U.S.C. § 2722(b)
Miller also appeals the district court’s determination that no express or
implied private cause of action exists under § 2722(b), contending one may be
implied because of the nature and purpose of the Privacy Act in protecting
individual privacy. We disagree.
Whether “a statute creates a cause of action, either expressly or by
implication, is basically a matter of statutory construction, such that what must
ultimately be determined is whether Congress intended to create the private
-9-
remedy asserted.” Southwest Air Ambulance, Inc. v. City of Las Cruces, 268 F.3d
1162, 1169 (10th Cir. 2001) (quoting Transamerica Mortgage Advisors, Inc. v.
Lewis, 444 U.S. 11, 16 (1979)). The “construction and applicability of a federal
statute is a question of law, which we review de novo." Allison v. Bank One-
Denver, 289 F.3d 1223, 1235 n.2 (10th Cir. 2002). Even assuming Miller was
harmed by a § 2722(b) violation, this “does not automatically give rise to a
private cause of action in favor of that person.” Southwest Air, 268 F.3d at 1169,
(quoting Transamerica Mortgage Advisors, 444 U.S. at 16).
The Driver’s Protection Act separates unlawful activity into two distinct
categories. Section 2722(a) identifies securing or disclosing personal information
for an impermissible use. In contrast, § 2722(b) prohibits the use of false
representations to obtain the information. The private right of action created
under 18 U.S.C. § 2724(a) reiterates the statutory language found in § 2722(a),
but contains no similar reference to the false representation language in
§ 2722(b). Thus, the logical inference from the structure and express language of
the Driver’s Privacy Act reveals Congress’ intent to create a private right of
action under § 2722(a), but to leave the enforcement of a violation of § 2722(b) to
the United States Department of Justice.
IV. Cross Appeal--Costs
Image Data appeals the district court’s separate order requiring each party
-10-
to pay their own fees and costs. We review an award of costs for an abuse of
discretion. Munoz v. St. Mary-Corwin Hosp., 221 F.3d 1160, 1170 (10th Cir.
2000). “[C]osts other than attorney’s fees shall be allowed as of course to the
prevailing party unless the court otherwise directs . . . .” Fed. R. Civ. P.
54(d)(2003). This rule “creates a presumption that the prevailing party shall
recover costs [and]. . . the district court must provide a valid reason for not
awarding costs to a prevailing party.” Cantrell v. International Bhd. of Elec.
Workers, AFL-CIO, Local 2021, 69 F.3d 456, 459 (10th Cir.1995). The district
court refused to award costs to Image Data, the prevailing party, without
explanation. Therefore, we have no record on which to base our review and must
remand this issue to the district court. Munoz, 221 F.3d at 1170. Consequently,
the portion of the district court’s December 6, 2002 judgment ordering each party
to pay its own fees and costs is REVERSED and REMANDED in accordance with
Munoz, supra.
V. Conclusion
The district court’s determination granting summary judgment in favor of
Image Data, and denying Miller’s motion for summary judgment is AFFIRMED.
The court’s denial of costs is REVERSED, and the matter is REMANDED for
-11-
further proceedings consistent with this order and judgment.
Entered by the Court:
Terrence L. O’Brien
United States Circuit Judge
-12-