`Case 1:21-cv-08082-LGS Document 1-1 Filed 09/28/21 Page 1of8
`
`Attachment to Complaint
`
`Section III Statement of Claim
`
`1. Defendant Skype CommunicationsS.a.r.l. is a telecommunications company
`whoseapplication allowsits users to message and chat with each otherfor free
`and allowsits users to call non-users on a phone numberfor a fee. While Skype
`operates a distinct website and an app that bears its name and provides and
`collects payments for the telecommunicationsservices to its customers,
`Defendant Microsoft Corporation is in charge of security, maintenance, and
`customerrelations of Skype users’ accounts. In this the two defendants operate a
`commonenterprise of telecommunications business.
`
`2. Microsoft offers numerous other services and operates several websites,
`including bing.com, where customers maysign up for Microsoft accounts, some
`of which are fee-based and some of which are nominally free to users and
`supported instead by other sources of revenue, most notably advertising, which
`grows through Microsoft’s collection, aggregation, combination and/or analysis
`of users' information. Microsoft is in charge of security, maintenance, and
`customerrelations of Microsoft users’ accounts.On or before December11, 2018,
`
`Plaintiff signed up for a Skype account through Skype's website or app and in
`doing so acceptedthe latter's terms of servicetitled "Microsoft Service
`Agreement". Plaintiff likely accessed Skype's website or app through a public or
`shared Internet Protocol ("IP") address because Microsoft revealed in 2021 that
`they logged Plaintiff's IP address at the time and foundit identical to the address
`of at least 258 other accounts, most of which Microsoft considered to be
`
`engaging in suspicious activities and deniedserviceto.
`
`3.
`
`Later that day, Plaintiff made a $10 purchase to enable him to use his Skype
`service to makecalls to non-Skype phone numbers whentraveling abroad. Since
`Skype's creation, many messaging apps have overtakenit in popularity, but
`Skyperetains its market dominanceas an app that allowsa userto call a
`non-user on the non-user's phone, and Plaintiff was and is unawareofalternative
`products to Skype whentraveling internationally. Further, the app came
`pre-installed in Plaintiff's computer that operates on Windows, a product of
`
`Microsoft.
`
`
`
`Case 1:21-cv-08082-LGS Document 1-1 Filed 09/28/21 Page 2 of 8
`Case 1:21-cv-08082-LGS Document 1-1 Filed 09/28/21 Page 2 of 8
`
`It is now revealed that at the time of his payment for the Skype service on
`December 11, 2018, Microsoft’s automated systems deemed Plaintiff’s IP
`address as a low “Reputation Score” IP such that the automated systems would
`prevent him from using the services that he was payingfor. In other words,
`Plaintiff was already guaranteed to receive no consideration in return for his
`money underthe terms of contract.
`
`On January 20, 2019, when Plaintiff tried to log into his Skype account through
`Skype's app whenstaying at a hotel abroad andlikely through a public IP that
`Defendants again logged, he wastold that something went wrong andthat he
`needed to sign in through a browserand through a Microsoft website. On that
`website, upon putting in his usernameand password,Plaintiff was told his
`account was suspended because spam wassent from his account or some other
`account activities were in violation of the service agreement. The webpagesaid
`
`that Plaintiff must share his mobile number and Microsoft must send himatext
`
`message before he could resume using Skypeservice. Despite his privacy and
`security concerns of sharing his phone numberwith the defendants and of using
`his US phonein a foreign country, Plaintiff reluctantly did as he was asked in
`order to make an urgent international call and wasthen ableto sign in both via
`Microsoft's website and to Skype app.
`
`Following the incident and on or around January 24, 2019, Plaintiff wrote to
`Microsoft to request details on the allegations of sending spam and/or other
`violations of the service agreementthat had resulted in the loss of his use of
`Skype service. He was given no clear answer except that Microsoft barred his
`access to the Skype account“to makesure it was safe”. Further, a Microsoft
`webpagethat Plaintiff was directed to intimated the blocked access would
`suggest that Plaintiff's account suffered from “malware, phishing attacks, or
`
`other harmful activities”.
`
`These vague warnings of account safety gravely alarmed Plaintiff and compelled
`him to scrutinizeall his emails in the email account used for his Skype account:
`he was going through thousands of my emails to see whether there were any
`messages in the Sent folder that he didn’t create, any incoming messagesthat
`suggest that someonereceived emails that he didn’t send. Further, he had to
`secure manythird-party app or website log-ins that used this particular email.
`And because Microsoft was persistently and stubbomly secretive and evasive
`
`2
`
`
`
`Case 1:21-cv-08082-LGS Document 1-1 Filed 09/28/21 Page 3 of 8
`Case 1:21-cv-08082-LGS Document 1-1 Filed 09/28/21 Page 3 of 8
`
`through 2019 and 2020 aboutthe exact nature and timing of the suspected
`“malware, phishing attacks, or other harmful activities”, Plaintiff had to
`constantly monitorall third party apps and accounts that were associated with his
`Skype account’s log-in to catch on any unusualactivities as well as his credit
`history and financial accounts’ activities.
`
`Plaintiff had also created a Microsoft account on one of Microsoft's website,
`
`likely bing.com, at some point before June 18, 2019, and wastrying to sign into
`that accountthat day to use credit in the account to redeem a promotionaloffer
`of Microsoft products. Upon putting in his username and password, Plaintiff
`again landed on a pagethat said this account was suspended because spam was
`sent from this account or some other accountactivities were found to be in
`
`violation of Microsoft's service agreement. The page, too, said that Plaintiff must
`share his mobile number before he could resume using Microsoft services.
`
`This time Plaintiff left that page and searched for Microsoft’s technical support
`and was connected with an agent, Abigaile A. The agent wrote to Plaintiff that it
`was mostlikely that “someone has access on your accountor trying to access
`your account”. She then unlockedPlaintiff's account by verifying a code she sent
`to Plaintiff's email address associated with the account, an option that Microsoft
`hid from its webpages. Yet, the agent refused to answer whatnefarious actors
`may have gotten access to Plaintiff's account to have prompted the suspension of
`service.
`
`10.
`
`11.
`
`Plaintiff continued to press Microsoft for more details about the breach ofhis
`Microsoft account that Microsoft's representative hinted at. But throughout 2019
`and 2020 the Microsoft defendant obstinately refused to elaborate on the grave
`but vague warningsthat it sent to Plaintiff in June 2019, citing commercial
`secrets about its algorithm and "the system"for its refusal to do so.
`
`Only in October 2020, after Plaintiff indicated his intention to sue the two
`defendants, did a Microsoft paralegal, Jose Pablo Leandro, write to him that “the
`problem is not you sending spam"and that he reviewedPlaintiff's two accounts
`and confirmedthat neither "has not been compromised.” By then, Plaintiff had
`been compelled to review and monitor activities in email and other financial or
`credit accounts associated with his Microsoft account, much in the same manner
`
`that he had to review and monitor his many accounts associated with his Skype
`
`3
`
`
`
`Case 1:21-cv-08082-LGS Document 1-1 Filed 09/28/21 Page 4 of 8
`Case 1:21-cv-08082-LGS Document 1-1 Filed 09/28/21 Page 4 of8
`
`account. The defendants have now stated that a customer may resumeservices
`with Microsoft and Skype accounts suspected of security compromise or
`suspicious or abusive use through a verification code sent to (the customer's
`choice of) either her mobile phone numberor her email address that was usedto
`sign up for her Microsoft of Skype account. It should be noted, however, that the
`
`defendants did not makethe latter choice known to their customers. Thelatter
`
`choice would naturally be morepalatable to the more privacy-concerned
`customers, but the fact is the defendants made their customers spendsignificant
`amount of time to navigate formidable customerservice hurdles before they
`
`could learn about andaccessthis choice. The notional "choice" wasin fact a
`
`false one and speaksrather to the intentionality and deceptiveness of the
`defendants' actions.
`
`12.
`
`Microsoft's subsequent review ofPlaintiff's Skype account also concludedthat
`Plaintiff was denied access to his paid Skype account in January 2019 for what
`the defendants alleged to be violations of "section 4.a.1i" of the agreementat the
`time. Although neither defendant cameclean in 2019 or 2020 the reasons and
`circumstances for which they may have evokedthe service agreementto
`terminate services, they nowassert that Plaintiff's use of a public IP address was
`the reason of their refusal of service in 2019. (Additionally, the defendants note
`that their interpretation of this clause evolves month to monthto include a
`changinglist of activities that are deemedviolation of the agreement, but they
`refuse to disclose the currentlist on the groundthat their interpretation of the
`agreementis "proprietary information.")Bizarrely, the defendants also assert that
`Plaintiff's Skype accountis considered a "free account" underthe service
`agreement. They explain awaythe facial absurdity of this assertion - when Skype
`had taken a paymentfrom Plaintiff for its service - by saying that "free account"
`is a term ofart, albeit one that by their own concessionis neither defined in the
`agreement nor even encountered by a customerat any juncture during the
`process of her sign-up or making payment.
`
`13.
`
`The defendants’ series of scary warnings about Plaintiff's compromised accounts
`and emails taken over by nefarious parties have now provento be a ruse and a
`fraud to “phish” for his personal information and phone number, which Plaintiff
`had refused to share with the defendants when he created his Skype and
`Microsoft accounts. National newspapers and privacy advocates have long
`pointed to how big tech firms enrich themselves through not only the collection
`
`4
`
`
`
`Case 1:21-cv-08082-LGS Document 1-1 Filed 09/28/21 Page 5 of 8
`Case 1:21-cv-08082-LGS Document 1-1 Filed 09/28/21 Page 5of8
`
`of consumers’ personal information but also combination of person information
`collected at different junctures to build more financially valuable profiles of
`individual consumers. Plaintiff has reasonsto believe also that Microsoft has
`
`“combined”the personal information it deceptively obtained of Plaintiff in
`January 2019 with personaldata it had collected of him prior to that point in
`order to drastically enhance the value of the “combined”personal data it
`possessesofits users andsell the data for higherprices to its advertising clients.
`
`Section IV: Relief
`
`14.
`
`15.
`
`16.
`
`Skype took payment on December 11, 2018 for services that it did not really
`intend to furnish. Its actions constituted an unfair and deceptive business practice
`enjoined by New York General Business Law 349. Forthis Plaintiff sues for $10
`plus statutory and punitive damages under GBL 349.
`
`WhenPlaintiff doggedly tried to regain access to the services he paid for,
`Microsoft allowed Plaintiff access only after it made Plaintiff turn over valuable
`personal information he would not have agreed to proffer when he made the
`purchase.In luring a consumerinto an agreement before changing the termsthat
`the consumerwas unlikely to have agreedto in thefirst place, Skype and
`Microsoft’s actions again constituted an unfair and deceptive business practice
`enjoined by New York General Business Law 349. Forthis Plaintiff sues for $10
`plus statutory and punitive damages under GBL 349.
`
`Skype’s actions in advertising and taking or processing customers’ payments for
`services in the defendants’ joint Skype-Microsoft telecommunications enterprise
`amount to wire fraud. Microsoft’s role in subsequently blocking customers’
`accessto the services - and deceiving customers about whatreally transpired —
`shaves cost from operating the joint telecommunication business andalso - in the
`case of a few customers most determined to get what they paid for — bringsit
`personal information from these customersthat is lucrative for Microsoft’s
`advertising and other businesses, but its actions are likewise fraudulent.
`Moreover, it should be noted that what happened to Plaintiff's Skype account and
`Microsoft account in January and June 2019 was notjust two isolated events but
`akin to manysimilar incidents over the years that constitute a clear pattern. The
`defendants’ use of "algorithm" further indicates that the fraudulent scheme has
`
`5
`
`
`
`Case 1:21-cv-08082-LGS Document 1-1 Filed 09/28/21 Page 6 of 8
`Case 1:21-cv-08082-LGS Document 1-1 Filed 09/28/21 Page 6 of 8
`
`been encoded in an automated system or process that is boundto repeat itself and
`is an ongoing criminal threat on a massivescale. Lastly, Plaintiff's interactions
`with the two defendants - the creation of each account and the making of
`payment- originated with each defendant's respective app or website, which
`proves each defendant's control and managementof aspects of the fraudulent
`scheme, while the close corporate ties and operational coordination between the
`two defendants in technical support and customerservice indicate joint
`participation in managingthis racket.
`
`17.
`
`Because ofthe series of fraud the defendants committed, Plaintiff not only lost
`moneyin direct payments to Skype but also suffered enormousfinancial losses
`due to lost time andlost opportunities and thus sues for monetary and statutory
`damages available under federal anti-racketeering statutes.
`
`18.
`
`Plaintiff also sues to enjoin the defendants from requesting personal information
`that he did not surrender to Businessesat the start of service in any bargain to
`access, continue, renew the current level of services; to order Businesses to
`
`disclose how data of such personal information were collected, combined with
`Plaintiffs data that the defendants had previously collected, stored, handled, and
`distributed since January 2019; and to order the defendants to destroy said data.
`
`19.
`
`The defendants have admitted that part of Microsoft Service Agreement was
`deliberately left vague and indefinite; that their own understanding and
`interpretation of what constitutes a customer’s violation of the agreement evolves
`rapidly and at a monthly pace (more rapidly than the updates to the service
`agreementitself); and that the exact meaning and substance of the contractual
`provision about contractual breach by customers, which permits the defendants
`to unilaterally terminate service, is a secret that cannot be shared with customers
`—and is somehow not subject to judicial review. The defendants also knewat the
`time of executing the contract that Plaintiff was guaranteed to receive no
`consideration in return for his money. This deliberate vagueness and
`indefiniteness of substantial and vital provisions is unconscionable.
`
`20.
`
`The unconscionability of the agreement also flows from the facts that Skype’s
`services camepre-installed on Microsoft’s operation system on Plaintiffs
`computer and that Plaintiff hadlittle choice in looking for a international
`long-distance telecommunicationsproviderthat was notreliant on his cellular
`
`6
`
`
`
`Case 1:21-cv-08082-LGS Document 1-1 Filed 09/28/21 Page 7 of 8
`Case 1:21-cv-08082-LGS Document 1-1 Filed 09/28/21 Page 7 of 8
`
`service. Yet, the contractual terms were so lopsided and unreasonable that had
`Plaintiff — or any reasonable person - known that the defendants understood the
`contract he entered into at the time to mean that they needed to provide no
`service to him atall, he certainly would not have entered into the contract no
`matter how few other choices he hadat the time.
`
`21.
`
`The built-in vagueness in material provisions of the Microsoft Service
`Agreement andits substantive and procedural unconscionability render these
`provisions and the whole agreement void and unenforceable. Plaintiff thus sues
`
`to have his contracts with the two defendants declared void andnull.
`
`22.
`
`Alternatively, Plaintiff sues to have declared null and void any specific clauses
`and provisions that may be construed by the defendants to deny services to
`Plaintiff for using public or shared IPs. Such clauses are worded too vaguely to
`be enforceable, and they are unconscionable.
`
`23).
`
`Plaintiff also sues Microsoft for intentional infliction of emotional distress under
`
`New Yorktort law. A serial identity theft victim who frequently saw his emails
`hackedinto or his identity used by unauthorized parties to apply for jobs and
`credit, Plaintiff restarted an old habit of vigilantly watching over his accounts
`and emails in trying to spot any irregularities. Microsoft’s agents and employees
`continuedto affirm or otherwise equivocate throughout 2019 and 2020 about
`whether his accounts and emails were compromised, and their actions only
`served to deepen his anxieties about becomingan identity theft victim yet again,
`this timein still more intrusive waythan before in that the thieves might have
`stolen a peep into all aspects of Plaintiff's daily life by situating themselves in his
`emails. This thought was a constant source of mental anguish for Plaintiff in the
`last two years, causing endless insomnia, migraines, and severe weight gains.
`
`24.
`
`Microsoft’s more recent statements that it was all a false warning should prompt
`one to question why the warning was worded the way it was. The languageused in
`the false warning was boundto evokeanyuser’s fear of identity theft and intrusion
`of privacy. The warning seemsdesignedto have that very effect in hoaxing users
`into turning overtheir personal information to Microsoft in the misplaced hope
`that Microsoft would help the users to regain control. In other words, if the
`language causedusers fear anddistress, it is because it was meant to do so. Hence
`
`
`
`Case 1:21-cv-08082-LGS Document 1-1 Filed 09/28/21 Page 8 of 8
`Case 1:21-cv-08082-LGS Document 1-1 Filed 09/28/21 Page 8 of 8
`
`the inevitable conclusion of Microsoft’s malice andintent in inflicting such
`
`emotional distress on their users.
`
`25.
`
`Therefore, Microsoft’s willful and persistent lies and refusal to come clean to
`Plaintiff about what really transpired over the span of two years must be
`penalized becauseofits sheer malice in taking advantage of a consumer’s
`vulnerability and past traumaofhis struggles with lost access to the most
`important means of communications for and managementof his personal and
`professionallife and his struggles with big corporations in his attempts to
`
`reassert control over his own life.
`
`