# Claude-Sonnet-4.6 · anthropic/claude-sonnet-4.6 · 176.43s · 2026-05-09T00:08:06.584080Z

# DOCUMENTARY-EVIDENCE REVIEW PANEL
## *Longo v. Microsoft · Google · Anthropic · OpenRouter*
### Reviewer Response — Independent Panel Member

---

## Preliminary Note on Methodology

I am reviewing this brief as a stress-tester, not an advocate. Where the theory is strong, I will say so. Where it is weak or potentially fatal, I will say so plainly. Several of my answers will be unfavorable to the proposed filing. That is the function of this panel.

I also note one structural concern that will recur throughout: **the self-referential disclosure in §X is not a strength; it is a serious vulnerability.** The brief frames it as "admission against interest." Courts and opposing counsel will frame it as evidence that the plaintiff cannot distinguish between AI behavioral quirks and actionable fraud, and that the complaint itself was generated by a system whose reliability the plaintiff simultaneously contests. I will address this where relevant.

---

## Q1. Survivability Under FRCP 12(b)(6) — Microsoft Claims Ranked

**Ranking from most to least likely to survive a motion to dismiss:**

**Tier 1 — Viable with proper pleading (likely to survive)**

**M-10 · Breach of Implied Covenant of Good Faith**
This is the strongest claim if plaintiff is a Microsoft services subscriber (Outlook, Azure, GitHub, etc.). The implied covenant attaches to every contract under virtually every state's law. The allegation that SafeLinks and Defender for O365 systematically intercepted and reclassified outbound communications without disclosure is a plausible breach of the reasonable expectations of a paying subscriber. *Twombly/Iqbal* requires only plausible factual allegations, and the canary-token methodology provides a specific, testable factual predicate. **Do not cut this claim.**

**M-6 · UCL Cal. Bus. & Prof. §17200**
California's Unfair Competition Law has an extraordinarily broad "unfair" prong that does not require a predicate statute. The "unlawful" prong can piggyback on any other surviving claim. The "fraudulent" prong requires only that a reasonable consumer would be deceived. The canary-token evidence of undisclosed content scanning is well-suited to the fraudulent prong. Standing requires only economic injury and causation — a paid subscriber who received degraded service has a plausible claim. **Viable, but requires California nexus (plaintiff's residence or defendant's principal place of business — Microsoft is Washington, but Azure/O365 contracts are often governed by Washington or California law depending on terms).**

**M-7 · NY GBL §349**
Similar analysis to M-6. GBL §349 prohibits deceptive acts in consumer transactions. The undisclosed scanning and filtering of outbound mail is plausibly deceptive. Requires New York nexus — plaintiff must allege New York-directed conduct or New York class members. **Viable if New York class members are adequately alleged.**

**M-4 · Tortious Interference with Prospective Economic Advantage**
This claim is viable but requires careful pleading. Plaintiff must identify specific prospective relationships (not merely speculative ones) that were disrupted by Microsoft's filtering conduct. The strongest version of this claim is interference with plaintiff's communications to counsel, courts, and regulators — relationships with identifiable economic or legal value. The weakness is the "improper means" element: Microsoft will argue its filtering is a legitimate business practice. Plaintiff must plead that the filtering exceeded any legitimate purpose. **Viable but requires specific relationship identification.**

**Tier 2 — Viable with significant pleading work (uncertain survival)**

**M-1 · Wiretap Act 18 U.S.C. §2511**
This is doctrinally the most important claim but faces a well-developed defense. The Wiretap Act prohibits interception of wire communications "in transit." Microsoft will invoke the **provider exception** under §2511(2)(a)(i): a provider may intercept communications to protect its own network. Courts have broadly construed this exception. *See In re Google Inc. Gmail Litigation*, 2013 WL 5423918 (N.D. Cal. 2013) (dismissing wiretap claims against Gmail scanning). The canary-token evidence showing scanning of *dummy-address* mail is potentially significant here — it suggests scanning occurs even where no delivery is possible, which is harder to justify as "network protection." However, Microsoft will argue this is anti-spam/anti-phishing infrastructure. **Survivable only if plaintiff can plead that the interception exceeded network-protection purposes and was used for content classification adverse to plaintiff's interests. This requires more than the canary evidence alone.**

**M-5 · CIPA Cal. Pen. Code §631**
California's wiretap analog. Same provider-exception problem as M-1, but California courts have been somewhat more plaintiff-friendly on this issue. *Javier v. Assurance IQ, LLC*, 649 F.Supp.3d 891 (N.D. Cal. 2023) shows CIPA claims can survive. Requires California nexus. **Viable but faces the same structural defense as M-1.**

**M-2 · Stored Communications Act 18 U.S.C. §2701**
The SCA prohibits unauthorized access to stored electronic communications. The problem: Microsoft is the provider of the storage (Exchange/Outlook). The SCA's authorization exception is broad — providers can access their own stored communications. *Theofel v. Farey-Jones*, 359 F.3d 1066 (9th Cir. 2004) is helpful on scope, but the provider-authorization defense is strong. **Weak unless plaintiff can plead that the access exceeded any authorization in the service agreement.**

**M-8 · Ontario Consumer Protection Act 2002 s.14**
This is a viable consumer-protection claim under Ontario law if plaintiff is an Ontario resident or if the conduct had Ontario effects. Section 14 prohibits unfair practices including false, misleading, or deceptive representations. The canary evidence supports a misrepresentation theory (Microsoft represents its services as communication tools while operating undisclosed filtering). **Viable in Ontario proceedings but awkward in U.S. federal court — better reserved for the Ontario parallel filing.**

**Tier 3 — Weak; consider cutting or restructuring**

**M-3 · Civil RICO 18 U.S.C. §1964(c)**
This is the most ambitious and most vulnerable claim. RICO requires: (1) a pattern of racketeering activity; (2) an enterprise; (3) participation in the enterprise's affairs through the pattern; (4) injury to business or property. The wire-fraud predicate (§1343) requires a scheme to defraud with specific intent to defraud. The CFAA predicate (§1030) requires unauthorized access to a computer. The problems:

- Courts are deeply skeptical of civil RICO claims that are essentially consumer-fraud or tort claims dressed in RICO clothing. *Sedima, S.P.R.L. v. Imrex Co.*, 473 U.S. 479 (1985) requires a "pattern" — two or more related predicate acts with continuity. The filtering conduct may be characterized as a single ongoing scheme rather than a pattern.
- The enterprise theory (addressed in Q5) is weak given the low cross-entity similarity.
- RICO's "injury to business or property" requirement is strict — emotional harm, dignitary harm, and loss of access to courts are not RICO injuries. *Reiter v. Sonotone Corp.*, 442 U.S. 330 (1979).
- The CFAA predicate requires unauthorized access. Microsoft accessing its own servers is not unauthorized.

**Recommendation: Do not cut RICO entirely, but restructure it. Plead it as a fallback, not a lead claim. The wire-fraud predicate is the strongest component — focus on the allegation that Microsoft's service representations were fraudulent.**

**M-9 · Tortious Deprivation of Access to Courts**
This is the most legally novel claim and the most likely to be dismissed. The constitutional right of access to courts runs against *state actors*, not private entities. *Christopher v. Harbury*, 536 U.S. 403 (2002) requires a predicate claim that was lost due to the obstruction. Against a private defendant, this claim has no established common-law analog in most jurisdictions. The §1985(3) conspiracy theory (addressed in Q5) is the better vehicle for this concept. **Cut M-9 as a standalone claim; fold the access-to-courts theory into §1985(3) and the "Denial by Design" framing.**

**Summary Ranking (1 = strongest):**
1. M-10 (implied covenant)
2. M-6 (UCL)
3. M-7 (GBL §349)
4. M-4 (tortious interference)
5. M-1 (Wiretap Act)
6. M-5 (CIPA)
7. M-8 (Ontario CPA — reserve for Ontario filing)
8. M-2 (SCA)
9. M-3 (RICO — restructure)
10. M-9 (access to courts — cut as standalone)

---

## Q2. Forum Selection

**N.D. Cal. vs. D. Del. vs. S.D.N.Y.**

**N.D. Cal. — Recommended Primary Venue**

Arguments in favor:
- All four defendants have substantial California presence (Google headquartered in Mountain View; Microsoft major operations in Silicon Valley; Anthropic headquartered in San Francisco; OpenRouter likely California-incorporated or operating).
- N.D. Cal. has the most developed body of technology-privacy class-action law in the country. Judges in this district have handled Gmail privacy litigation, CIPA claims, and AI-related consumer cases. The bench is sophisticated and will not be confused by the technical evidence.
- California's UCL and CIPA claims are most naturally pleaded here.
- The Ninth Circuit has plaintiff-friendly precedent on some wiretap and privacy issues.
- Class-action infrastructure (plaintiffs' firms, discovery vendors, expert witnesses) is dense in this district.

Arguments against:
- N.D. Cal. is also where defendants have their strongest local counsel relationships and where tech-industry-friendly judicial attitudes may cut against plaintiff.
- Docket congestion is significant.
- A pro se plaintiff filing in N.D. Cal. will face immediate pressure to retain counsel or face dismissal on procedural grounds.

**D. Del. — Not Recommended as Primary Venue**

Delaware is appropriate for corporate-governance litigation (derivative suits, fiduciary duty claims). It has no particular advantage for privacy, wiretap, or consumer-fraud claims. Microsoft and Google are Delaware-incorporated, which establishes personal jurisdiction, but that is the only advantage. The District of Delaware has limited class-action infrastructure and no specialized technology-privacy jurisprudence. **Do not file here.**

**S.D.N.Y. — Worth Considering as Alternative**

Arguments in favor:
- All four defendants have substantial New York operations.
- S.D.N.Y. has extensive RICO jurisprudence — if RICO is a lead claim, this is the most sophisticated venue for it.
- GBL §349 claims are naturally at home here.
- S.D.N.Y. has handled major financial and technology class actions.
- Press coverage from a Manhattan filing is immediate and substantial.

Arguments against:
- S.D.N.Y. judges are skeptical of expansive RICO theories and have dismissed many civil RICO complaints.
- California-specific claims (UCL, CIPA) are awkward here.

**Timing and Stay Risk:**
- Filing in N.D. Cal. creates risk of a stay pending arbitration if any defendant's terms of service contain mandatory arbitration clauses. Microsoft's and Google's consumer terms of service typically contain arbitration clauses. This is a **potentially fatal procedural obstacle** that the brief does not address. Plaintiff must analyze whether the class claims fall within any arbitration clause and whether the McGill Rule (in Canada) or EU consumer-protection law provides an escape in parallel jurisdictions.
- *Viking River Cruises v. Moriana*, 596 U.S. 639 (2022) and *Lamps Plus, Inc. v. Varela*, 587 U.S. 176 (2019) have significantly constrained class arbitration. This is a first-order risk.

**Recommendation: N.D. Cal. as primary U.S. venue, with immediate analysis of arbitration-clause exposure before filing.**

---

## Q3. Defensible Ad-Damnum

**Stress-test of $80–305B aggregate:**

The brief's damages framework has a fundamental structural problem: **the $80–305B figure is not derived from any identified damages methodology in the brief.** Under *Twombly/Iqbal*, a complaint must plead enough facts to make a claim plausible. A damages figure that is not tethered to a specific methodology, class size, per-member injury, or statutory multiplier is vulnerable to a 12(b)(6) motion arguing that the prayer for relief is implausible on its face.

**What survives *Twombly/Iqbal* scrutiny:**

A per-defendant, per-theory breakdown is far superior to a single aggregate number. Here is a defensible structure:

*Microsoft:*
- Wiretap Act: statutory damages of $10,000 per violation per day (18 U.S.C. §2520(c)(2)) × estimated class size × estimated violation period. If class is 10 million members and violations span 5 years, the statutory figure is astronomical — but courts will scrutinize whether each class member experienced a "violation" in the statutory sense.
- UCL: restitution of subscription fees paid during the period of undisclosed filtering. This is a concrete, calculable figure.
- RICO: treble actual damages. Actual damages must be pleaded with specificity.

*Anthropic/OpenRouter:*
- Contract damages: difference between price paid for Opus 4.7 and value of service actually received. This is small per-member but scalable.
- Consumer fraud: statutory damages where available.

**Recommendation:** Do not plead a single aggregate number in the complaint. Plead per-theory damages with a methodology. The "$1T+ rhetorical headline" figure should never appear in a court filing — it will be used by defendants to characterize the entire action as frivolous. The "$80–305B aggregate" figure should be replaced with a per-defendant, per-theory breakdown with an explicit damages model (class size × per-member injury × statutory multiplier where applicable). A well-pleaded complaint might plead "in excess of $X" per theory with a footnote explaining the methodology.

**The single most dangerous number in this brief is the $1T+ figure.** If it appears anywhere in the complaint or in press materials filed with the court, it will be cited in every defense motion as evidence of bad faith.

---

## Q4. Document-Production Targets

**Microsoft:**

1. **SafeLinks and Defender for O365 scanning logs** for plaintiff's outbound email addresses, date range 2006–2026. *Defense resistance:* trade secret / proprietary algorithm. *Counter:* plaintiff's own communications are not Microsoft's trade secrets; a protective order can protect the algorithm while producing the logs.

2. **IP address assignment records** for AS8075 nodes in Toronto and Amsterdam, specifically the ranges that fired plaintiff's canary tokens. *Defense resistance:* third-party privacy (other users on shared infrastructure). *Counter:* plaintiff seeks only records of accesses to plaintiff's specific canary URLs, not other users' data.

3. **SafeLinks URL-rewriting policy documents** — internal policy governing which URLs are rewritten, when, and what happens to the content. *Defense resistance:* attorney-client privilege if policy was developed with legal counsel. *Counter:* the underlying policy document is not privileged; only legal advice about it is.

4. **Contracts and SLAs with enterprise customers** governing Defender for O365 scanning scope. *Defense resistance:* third-party confidentiality. *Counter:* plaintiff seeks only the standard-form provisions, not customer-specific data.

5. **Internal communications** (email, Teams, Slack) regarding the design of SafeLinks content-classification categories, specifically any category that would result in non-delivery or quarantine of legal/regulatory correspondence. *Defense resistance:* overbroad, burdensome. *Counter:* narrowed to specific custodians (product managers for SafeLinks) and specific date range.

6. **Incident reports or escalation logs** for false-positive quarantine events in Defender for O365. *Defense resistance:* trade secret. *Counter:* aggregate statistics are not trade secrets.

7. **Microsoft's data-retention policies** for SafeLinks scan logs. *Defense resistance:* irrelevant. *Counter:* directly relevant to whether evidence has been spoliated.

8. **Any communications between Microsoft and government agencies** regarding content-scanning cooperation. *Defense resistance:* national security privilege, law enforcement privilege. *Counter:* plaintiff is entitled to know whether government direction explains the scanning conduct.

9. **Azure infrastructure records** showing which IP ranges were assigned to which scanning functions during the relevant period. *Defense resistance:* security risk. *Counter:* protective order; in camera review.

10. **Microsoft's terms of service revision history** for Outlook and Exchange, specifically any provisions added or modified to address content scanning. *Defense resistance:* publicly available. *Counter:* internal drafts and communications about the revisions are not publicly available.

**Google:**

1. **Gmail Safe Browsing scan logs** for plaintiff's outbound messages, same date range.
2. **Safe Browsing URL classification records** for plaintiff's canary URLs.
3. **Internal policy documents** governing Gmail content scanning for "abuse" or "policy violation" classification.
4. **Gemini model routing logs** for plaintiff's API sessions (Exhibit 41 basis).
5. **Google Cloud infrastructure assignment records** for IPs that fired plaintiff's canaries.
6. **Communications between Gmail Trust & Safety and product teams** regarding scanning of legal/regulatory correspondence.
7. **Any government cooperation agreements** affecting Gmail content scanning.
8. **Gemini model version deployment logs** — which model version was served to which API customer at which time.
9. **False-positive rate data** for Gmail spam/phishing classification of legal correspondence.
10. **Google's data-retention policies** for Safe Browsing scan logs.

**Anthropic:**

1. **Model routing logs** for plaintiff's API sessions — which model version was actually served, turn by turn.
2. **`agent_info` field documentation** — what information is passed to the model about its own version identity.
3. **Model version deployment records** — when Opus 4.7 was deployed, what its behavioral fingerprint is, and whether any A/B testing or gradual rollout occurred.
4. **Internal communications** regarding model versioning and customer disclosure obligations.
5. **Contracts with OpenRouter** governing model routing and version guarantees.
6. **Any internal testing data** on behavioral consistency of Opus 4.7 across sessions.
7. **Customer complaint records** regarding model version inconsistency.
8. **Anthropic's content-moderation policy documents** — specifically any policy that would cause the model to respond differently to legal/regulatory content.
9. **System prompt documentation** for the default API configuration.
10. **Any communications with government agencies** regarding model behavior modification.

**OpenRouter:**

1. **Routing logs** for plaintiff's API sessions — which model was actually routed to which provider.
2. **Contracts with Anthropic and other model providers** governing version guarantees.
3. **Billing records** for plaintiff's account — what was billed vs. what was delivered.
4. **Internal communications** regarding model substitution practices.
5. **Customer-facing documentation** regarding model version guarantees.
6. **Any communications with Anthropic** regarding model routing decisions.
7. **OpenRouter's uptime and reliability records** for Opus 4.7 specifically.
8. **Any A/B testing or load-balancing policies** that would result in model substitution.
9. **Customer complaint records** regarding model version inconsistency.
10. **OpenRouter's data-retention policies** for routing logs.

---

## Q5. RICO Enterprise Theory

**The core problem with the RICO enterprise theory:**

*Boyle v. United States*, 556 U.S. 938 (2009) held that an "association-in-fact" enterprise requires: (1) a purpose; (2) relationships among the associates; (3) longevity sufficient to permit the associates to pursue the enterprise's purpose. The enterprise need not have a formal structure, hierarchy, or name.

However, the brief's own evidence undermines the enterprise theory in a critical way. **The 7.2% maximum cross-entity textual similarity finding in Pillar 2 is a double-edged sword.** The brief uses it to argue that the template pattern is not explained by shared template code — implying a deeper, more sinister coordination. But for RICO purposes, it actually weakens the enterprise theory: if the entities do not share templates, do not communicate with each other, and independently produce similar responses, the most parsimonious explanation is **convergent bureaucratic behavior**, not a coordinated enterprise.

*Boyle* requires "relationships among the associates." The brief does not allege any specific communications, agreements, or coordinating mechanisms between Microsoft, Google, Anthropic, and OpenRouter regarding the template-denial pattern. The fact that Microsoft and Google both operate email-scanning infrastructure does not establish that they coordinated to deny plaintiff access to remedy. They are competitors who independently developed similar security products.

**The stronger RICO theory — if one exists:**

The RICO theory is more plausible if limited to the Anthropic/OpenRouter relationship, where there is a direct contractual relationship and specific allegations of coordinated model-routing conduct. A two-party RICO enterprise is legally possible under *Boyle* but is thin.

**Recommendation:** Do not plead all four defendants as a single RICO enterprise. The evidence does not support it, and the attempt will make the entire complaint look overreaching. If RICO is pleaded, plead it as:
- A Microsoft-Google enterprise (both operating email-scanning infrastructure with alleged coordinated effects) — but only if plaintiff can identify specific coordinating conduct beyond parallel independent behavior.
- A separate Anthropic-OpenRouter enterprise (direct contractual relationship, specific model-routing allegations).

**The 7.2% similarity finding should be reframed:** it is evidence that the template-denial pattern is not explained by shared code, which is relevant to the "Denial by Design" doctrinal theory. But it does not establish RICO coordination. These are different arguments and should not be conflated.

---

## Q6. Denial-by-Design Doctrinal Reception

**U.S. Federal District Courts:**

Federal courts are deeply resistant to newly-named causes of action. The Supreme Court's post-*Bivens* jurisprudence (*Ziglar v. Abbasi*, 582 U.S. 120 (2017)) reflects a strong reluctance to recognize new implied causes of action. A district court presented with "Denial by Design" as a named cause of action will almost certainly dismiss it as not cognizable under federal law.

**The stronger approach in U.S. federal court:** plead the constituent theories (§1985(3), Wiretap Act, UCL, etc.) and use "Denial by Design" as a *descriptive label* in the complaint's introduction and in press materials — not as a cause of action. Let the doctrine emerge from the pattern of the pleaded claims. If the case survives to trial and produces a significant opinion, the doctrinal name will attach organically.

**Ontario Superior Court of Justice:**

Canadian courts have somewhat more flexibility in recognizing novel causes of action, particularly in the context of systemic discrimination and access-to-justice claims under the *Charter*. The Ontario Court of Appeal's decision in *Bhasin v. Hrynew*, 2014 SCC 71 (recognizing a general organizing principle of good faith in contract) shows the Supreme Court of Canada's willingness to develop common law doctrine. However, a newly-named tort against private entities for "denial by design" would face significant skepticism. The *Charter* ss. 7 and 15 claims are more promising in Ontario, but they require state action — the defendants here are private entities. **The Ontario filing should lead with consumer-protection and privacy claims under PIPEDA and the Ontario CPA, not with a novel constitutional tort.**

**Italian *Tribunali Civili*:**

Italian civil courts operate under a codified system that is less receptive to common-law doctrinal innovation. The *azione di classe* under art. 140-*bis* of the *Codice del consumo* is a consumer-protection vehicle, not a constitutional tort vehicle. The GDPR Art. 80 representative action is the strongest EU vehicle. **In Italy, plead GDPR violations (Art. 5 — lawfulness, fairness, transparency; Art. 6 — lawful basis for processing; Art. 22 — automated decision-making) and consumer-protection violations. Do not attempt to introduce "Denial by Design" as a named cause of action in Italian proceedings.**

**Recommendation:** "Denial by Design" is a press and advocacy label, not a pleading label. Use it in the complaint's introduction as a descriptive term for the pattern of conduct alleged. Do not plead it as a cause of action in any jurisdiction.

---

## Q7. Cascade-Remedy Acceptance Probability

| Rung | Remedy | Probability | Notes |
|---|---|---|---|
| 1 | Structural forfeiture / divestiture (Sherman §2 + RICO §1964(a)) | **Very Low** | Sherman §2 requires monopolization proof; RICO §1964(a) forfeiture requires criminal RICO conviction or civil predicate. No court has ordered divestiture of a major tech company in a private civil action. |
| 2 | Standard Oil-style dissolution | **Negligible** | *Standard Oil* was a government antitrust action after years of DOJ litigation. A private plaintiff cannot obtain dissolution. This rung should be removed from the complaint entirely — it signals to the court that the plaintiff does not understand the limits of private civil remedies. |
| 3 | Court-appointed monitor 10–20 years | **Low-Medium** | Structural injunctive relief including monitors is available in class actions under FRCP Rule 65 and has been granted in civil rights and consumer-protection cases. The *AT&T* consent decree is a government-action precedent, not a private-action precedent. Achievable only after full trial victory. |
| 4 | Compulsory common-carrier regime for AI inference | **Very Low** | This is a legislative remedy, not a judicial one. No court has imposed common-carrier obligations on an AI provider in a private civil action. This rung should be removed or reframed as a request for injunctive relief requiring non-discriminatory service. |
| 5 | Consent decree with permanent structural injunctive relief | **Medium** | Achievable in settlement. Many major class actions resolve with consent decrees. This is a realistic outcome if the case survives to the settlement stage. |
| 6 | Officer and director bars | **Low** | Available under securities law (SOX, Exchange Act) but requires securities-fraud predicate. Not available as a remedy in a wiretap or consumer-fraud class action. Remove this rung unless a securities-fraud claim is added. |
| 7 | Disgorgement + RICO treble damages | **Medium** (disgorgement) / **Low** (RICO treble) | Disgorgement is available in equity and has been granted in consumer-protection cases. RICO treble damages require a successful RICO claim, which faces the obstacles described in Q5. |
| 8 | Compensatory damages + injunctive relief | **Medium-High** | This is the realistic floor. A well-pleaded consumer-protection class action with strong evidence can achieve compensatory damages and injunctive relief. This is the rung to build toward. |

**Does pleading forfeiture at Rung 1 affect probability of achieving Rungs 3 and 7?**

Yes, negatively. Pleading dissolution and divestiture signals to the court that the plaintiff is seeking remedies unavailable in private civil litigation. This undermines credibility across the entire complaint. A sophisticated judge will read Rungs 1 and 2 and immediately discount the seriousness of the filing. **Remove Rungs 1, 2, and 4 from the complaint. Keep Rungs 3, 5, 7, and 8 as the cascade.**

---

## Q8. Statute-of-Limitations Tolling

**Fraudulent-concealment tolling under *Holmberg v. Armbrecht*:**

*Holmberg* established that fraudulent concealment tolls the statute of limitations when: (1) the defendant fraudulently concealed the cause of action; (2) the plaintiff exercised due diligence in attempting to discover it. The doctrine applies in federal equity and has been adopted in most states.

**The self-referential problem:** the brief argues that "the fraud's own mechanism prevents discovery of the fraud." This is a clever argument, but it has a significant weakness: **plaintiff has been aware of the alleged filtering conduct for long enough to have developed a sophisticated forensic methodology to document it.** The canary-token methodology, the template audit, and the AI-layer forensics all suggest that plaintiff has been investigating this conduct for years. A defendant will argue that plaintiff's own investigative sophistication demonstrates that the fraud was discoverable through due diligence, and that the limitations clock began running when plaintiff first suspected the filtering conduct — not when plaintiff completed the forensic proof.

**The weakest point of the tolling argument:** the brief does not specify *when* plaintiff first suspected the filtering conduct. If plaintiff suspected it five years ago and has been building the evidentiary record since then, the limitations clock may have started running five years ago. The fraudulent-concealment doctrine tolls the clock until the plaintiff *could have discovered* the fraud through due diligence — not until the plaintiff completed a comprehensive forensic investigation.

**How to reinforce the tolling argument:**
1. Plead specifically that plaintiff did not and could not have known that canary tokens would fire on dummy addresses until the control-group test was conducted on 2026-05-08. This establishes a specific discovery date.
2. Plead that the filtering mechanism is specifically designed to be undetectable — the canary-token methodology is novel and was not available to ordinary plaintiffs until recently.
3. Plead that each new act of filtering is a separate accrual event (continuing-violation doctrine), which independently tolls the limitations period for recent conduct.

**Canadian tolling (Ontario):**
Ontario's *Limitations Act, 2002* s.5 uses a "discoverability" standard — the claim is discovered when the plaintiff knew or ought to have known of the claim. The analysis is similar to *Holmberg* but the two-year basic limitation period is shorter. The continuing-violation argument is important here.

**EU/Italian tolling:**
Italian law (*Codice civile* art. 2935) provides that prescription begins when the right can be exercised. The GDPR's right to erasure and right to information (Arts. 17, 15) have their own limitation frameworks. The EU Representative Actions Directive does not specify a limitation period — it defers to member state law. Italian consumer-protection claims have a two-year limitation period from discovery. **The Italian filing is most vulnerable on limitations and should focus on recent, well-documented conduct.**

---

## Q9. Class-Certification Predominance Analysis

**Individualized questions defendants will raise:**

**1. Individual injury determination**
Defendants will argue that whether any particular class member's communications were filtered, and whether that filtering caused harm, requires individual inquiry. *Comcast Corp. v. Behrend*, 569 U.S. 27 (2013) requires that damages be measurable on a class-wide basis using a common methodology. If each class member must prove that their specific communications were filtered and that the filtering caused specific harm, predominance fails.

*Assessment:* This is the strongest defense argument. The canary-token methodology establishes that filtering occurred at the infrastructure level, but it does not establish that every class member's communications were filtered in the same way or to the same effect. **Amenable to subclassing:** create subclasses based on service type (Outlook users, Gmail users, etc.) and injury type (legal correspondence, regulatory complaints, etc.).

**2. Consent and terms-of-service defense**
Defendants will argue that class members consented to content scanning through their terms of service. Individual inquiry into whether each class member read and understood the terms of service would defeat predominance.

*Assessment:* This is a significant but not fatal problem. Courts have held that standard-form terms of service do not necessarily constitute informed consent to undisclosed surveillance. *In re iPhone Application Litigation*, 844 F.Supp.2d 1040 (N.D. Cal. 2012). The question of whether the terms adequately disclosed the scanning conduct is a common question. **Does not defeat predominance if the terms are standard-form and the disclosure question is common.**

**3. Causation of harm**
Defendants will argue that even if filtering occurred, individual inquiry is required to determine whether any particular communication would have achieved its intended purpose absent filtering. A regulatory complaint that was filtered might have been ignored anyway.

*Assessment:* This is a serious problem for compensatory damages but less so for statutory damages and injunctive relief. **Amenable to damages-model cure:** plead statutory damages (Wiretap Act, CIPA) that do not require proof of actual harm, and reserve compensatory damages for a separate phase.

**4. Class member identification**
Defendants will argue that identifying class members requires individual inquiry — who was a Microsoft/Google customer, who sent legal/regulatory correspondence, who experienced filtering?

*Assessment:* This is a practical problem but not a legal one. Defendants' own records can identify class members. **Does not defeat predominance; affects manageability.**

**5. Statute of limitations**
Defendants will argue that individual inquiry is required to determine when each class member's claim accr