Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 1 of 22

1 COOLEY LLP PATRICK E. GIBBS (183174) 2 ([email protected]) JESSICA VALENZUELA SANTAMARIA (220934) 3 ([email protected]) TIJANA BRIEN (286590) 4 ([email protected]) JENNA C. BAILEY (319302) 5 ([email protected]) 3175 Hanover Street 6 Palo Alto, California 94304-1130 Telephone: +1 650 843 5000 7 Facsimile: +1 650 849 7400 8 CRAIG E. TENBROECK (287848) ([email protected]) 9 4401 Eastgate Mall San Diego, California 92121 10 Telephone: +1 858 550 6000 Facsimile: +1 858 550 6420 11 Attorneys for Defendants 12 Zoom Video Communications, Inc., Eric S. Yuan, and Kelly Steckelberg 13 14 UNITED STATES DISTRICT COURT 15 NORTHERN DISTRICT OF CALIFORNIA 16 17 In re ZOOM SECURITIES LITIGATION, Case No.: 3:20-cv-02353-JD

18 DEFENDANTS’ MOTION TO DISMISS THE This Document Relates To: CONSOLIDATED CLASS ACTION COMPLAINT 19 ALL ACTIONS. Date: August 26, 2021 20 Time: 10:00 a.m. Courtroom: 11, 19th Floor 21 Judge: Hon. James Donato 22 23 24 25 26 27 28

COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 2 of 22

1 TABLE OF CONTENTS

2 Page 3 NOTICE OF MOTION AND MOTION ...... v 4 STATEMENT OF ISSUES TO BE DECIDED (LOCAL RULE 7-4(A)(3))...... v MEMORANDUM OF POINTS AND AUTHORITIES ...... 1 5 I. INTRODUCTION ...... 1 6 II. BACKGROUND ...... 2 7 III. LEGAL STANDARDS ...... 5 IV. ARGUMENT ...... 5 8 A. Plaintiff Fails to Allege Any False or Misleading Statement ...... 5 9 1. Because Plaintiff Fails to Allege That There is Only One Possible Meaning of “End to End Encryption,” His Claims 10 Fail ...... 5 11 2. Zoom’s Privacy Policy Contained No Misstatements or Omissions ...... 8 12 B. Yuan and Steckelberg Cannot Be Liable for Statements They Did Not “Make.” ...... 9 13 C. Plaintiff Fails to Plead a Strong Inference of Scienter ...... 9 14 1. Plaintiff Fails to Plead Scienter as to Yuan and Steckelberg ...... 9 15 a. Plaintiff Fails to Plead Scienter as to Zoom’s Use of E2E ...... 10 16 b. Plaintiff Fails to Plead Scienter as to the Alleged Privacy Policy Omissions ...... 12 17 2. Viewed Holistically, the More Cogent and Compelling 18 Inference is an Innocent One...... 12 D. Plaintiff Fails to Adequately Plead Loss Causation ...... 14 19 V. CONCLUSION ...... 15 20 21 22 23 24 25 26 27 28

COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO i 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 3 of 22

1 TABLE OF AUTHORITIES

2 Page(s) 3 Cases

4 In re Adolor Corp. Sec. Litig., 616 F. Supp. 2d 551 (E.D. Pa. 2009) ...... 7 5 6 In re Advanta Corp. Sec. Litig., 180 F.3d 525 (3d Cir. 1999) ...... 11 7 Basic Inc. v. Levinson, 8 485 U.S. (1988) ...... 8

9 Bodri v. GoPro, 252 F. Supp. 3d 912 (N.D. Cal. 2017) ...... 12 10 In re BofI Holding, Inc. Sec. Litig., 11 977 F.3d 781 (9th Cir. 2020) ...... 14, 15 12 Brody v. Transitional Hosps. Corp., 13 280 F.3d 997 (9th Cir. 2002) ...... 8

14 Cheung v. Keyuan Petrochemicals, Inc., 2012 WL 5834894 (C.D. Cal. Nov. 1, 2012) ...... 10 15 City of Dearborn Heights Act 345 Police & Fire Ret. Sys. v. Waters Corp., 16 632 F.3d 751 (1st Cir. 2011) ...... 11 17 Di Donato v. Insys Therapeutics Inc., 18 2017 WL 3268797 (D. Ariz. Aug. 1, 2017) ...... 13 19 Ferraro Family Found., Inc. v. Corcept Therapeutics Inc., 2020 WL 6822916 (N.D. Cal. Nov. 20, 2020) ...... 15 20 Glazer Cap. Mgmt., LP v. Magistri, 21 549 F.3d 736 (9th Cir. 2008) ...... 11 22 Janus Cap. Grp., Inc. v. First Derivative Traders, 23 564 U.S. 135 (2011) ...... 9 24 Jasin v. Vivus, Inc., 2016 WL 1570164 (N.D. Cal. Apr. 19, 2016), aff’d, 721 F. App’x 665 (9th Cir. 25 2018) ...... 13

26 Kairalla v. Advanced Med. Optics, Inc., 2008 WL 2879087 (C.D. Cal. June 6, 2008) ...... 8 27 28

COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO ii 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 4 of 22

1 TABLE OF AUTHORITIES (continued) 2 Page(s) 3 Kelly v. Elec. Arts, Inc., 2015 WL 1967233 (N.D. Cal. Apr. 30, 2015) ...... 6 4 Kuriakose v. Fed. Home Loan Mortg. Corp., 5 2011 WL 1158028 (S.D.N.Y. Mar. 30, 2011) ...... 7 6 In re LeapFrog Enters., Inc. Sec. Litig., 7 527 F. Supp. 2d 1033 (N.D. Cal. 2007) ...... 10

8 Loos v. Immersion Corp., 762 F.3d 880 (9th Cir. 2014) ...... 15 9 McGann v. Ernst & Young, 10 102 F.3d 390 (9th Cir. 1996) ...... 13 11 Neborsky v. Valley Forge Composite Techs., Inc., 12 2014 WL 1705522 (S.D. Cal. Apr. 28, 2014) ...... 9 13 Or. Pub. Emps. Ret. Fund v. Apollo Grp. Inc., 774 F.3d 598 (9th Cir. 2014) ...... 5, 15 14 In re Pixar Sec. Litig., 15 450 F. Supp. 2d 1096 (N.D. Cal. 2006) ...... 12 16 Police Ret. Sys. of St. Louis v. Intuitive Surgical, Inc., 17 759 F.3d 1051 (9th Cir. 2014) ...... 5 18 In re Rigel Pharms., Inc. Sec. Litig., 697 F.3d 869 (9th Cir. 2012) ...... 9, 10, 15 19 In re Silicon Graphics Inc. Sec. Litig., 20 183 F.3d 970 (9th Cir. 1999), superseded by statute on other grounds ...... 9

21 Tellabs, Inc. v. Makor Issues & Rights, Ltd., 22 551 U.S. 308 (2007) ...... 9 23 Veal v. LendingClub Corp., 423 F. Supp. 3d 785 (N.D. Cal. 2019) ...... 8 24 In re Verisign, Inc., Derivative Litig., 25 531 F. Supp. 2d 1173 (N.D. Cal. 2007) ...... 10

26 Vess v. Ciba-Geigy Corp. USA, 317 F.3d 1097 (9th Cir. 2003) ...... 5 27 28 Wochos v. Tesla, 985 F.3d 1180 (9th Cir. 2021) (Tesla II) ...... 6, 15 COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO iii 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 5 of 22

1 TABLE OF AUTHORITIES (continued) 2 Page(s) 3 Wochos v. Tesla, Inc., 2019 WL 1332395, at *6 n.2 (N.D. Cal. Mar. 25, 2019) (Tesla I) ...... 6 4 Wochos v. Tesla, Inc., 5 2019 WL 1332395 (N.D. Cal. Mar. 25, 2019) (Tesla I), aff’d, Wochos v. Tesla, 6 985 F.3d 1180 (9th Cir. 2021) (Tesla II) ...... 6, 7 7 Yourish v. Cal. Amplifier, 191 F.3d 983 (9th Cir. 1999) ...... 11 8 Zucco Partners, LLC v. Digimarc Corp., 9 552 F.3d 981 (9th Cir. 2009), as amended (Feb. 10, 2009)...... passim

10 Statutes 11 PSLRA ...... 5 12 Section 10(b) ...... 5,8 13 Section 20(a) ...... 15 14 Other Authorities 15 Federal Rules of Civil Procedure 16 Rule 9(b)...... 5 17

18 19 20 21 22 23 24 25 26 27 28

COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO iv 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 6 of 22

1 NOTICE OF MOTION AND MOTION 2 TO PLAINTIFF AND HIS ATTORNEYS OF RECORD: NOTICE IS GIVEN that on 3 August 26, 2021 at 10:00 a.m., before the Honorable James Donato, United States District Court, 4 San Francisco, Defendants Zoom Video Communications, Inc. (“Zoom” or the “Company”), Eric 5 S. Yuan and Kelly Steckelberg (collectively, “Individual Defendants,” and together with Zoom, 6 “Defendants”) move to dismiss Plaintiffs’ Consolidated Class Action Complaint (the “Complaint”), 7 filed on December 23, 2020. This Motion is made under the Private Securities Litigation Reform 8 Act of 1995 (the “PSLRA”) and Federal Rule of Civil Procedure 12(b)(6). The Complaint should 9 be dismissed because it fails to state with particularity that any challenged statement was false or

10 misleading when made and why, that the Individual Defendants were the “makers” of such 11 statements, that any defendant acted with the required state of mind, under 15 U.S.C. §78u-4(b)(1), 12 and that the alleged misstatements caused Plaintiff’s losses. This Motion is based on this Notice 13 and Motion; the Memorandum of Points and Authorities; the Request for Judicial Notice; the 14 Declaration of Tijana M. Brien, together with accompanying exhibits; the [Proposed] Order; all 15 pleadings and papers filed herein; oral argument of counsel; and any other matter which may be 16 submitted at the hearing.

17 STATEMENT OF ISSUES TO BE DECIDED (LOCAL RULE 7-4(A)(3)) 18 Whether the Complaint states a claim under Exchange Act Sections 10(b) and 20(a). 19 20 21 22 23 24 25 26 27 28

COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO v 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 7 of 22

1 MEMORANDUM OF POINTS AND AUTHORITIES

2 I. INTRODUCTION 3 Originally a business solution for enterprises with sophisticated IT departments, Zoom 4 became a household name virtually overnight as its platform became the lifeline for the world— 5 companies, schools, hospitals, and governments all depended upon Zoom to keep their operations 6 running. With this sudden explosion in consumer use came increased media scrutiny, including 7 over certain of Zoom’s security and privacy features, and a brief fluctuation in Zoom’s then-rising 8 stock price. Zoom took these challenges head on, rolling out a series of product updates and 9 consumer-education initiatives to bolster its already secure platform and educate its new user base.

10 Since then, Zoom’s stock price has not only rebounded but soared another 300+% as its business 11 has continued to grow and demonstrate that any concerns were misplaced. Nevertheless, Plaintiff 12 Adam Butt (“Plaintiff”) seeks to turn a brief period of stock volatility into a securities fraud claim. 13 Plaintiff claims, primarily, that Zoom misled investors by describing its platform as “end- 14 to-end” encrypted. But Plaintiff alleges no facts suggesting that his preferred definition is the only 15 meaning of this phrase, and therefore he fails to allege falsity with particularity. This is not 16 surprising because, under at least one well-recognized definition (which requires only that content 17 be encrypted between end points), Zoom’s statements about “end-to-end” encryption were true. 18 Plaintiff also complains that Zoom did not tell its users that (1) Facebook collected some Zoom 19 user information in some circumstances, (2) Zoom integrated a (scarcely used) feature that allowed 20 users to navigate to meeting participants’ already-public LinkedIn profiles, and (3) Zoom installed 21 a web server on Mac computers to streamline the log-in process. Plaintiff, however, does not 22 identify a single statement that was rendered misleading by these alleged omissions. 23 Further, Plaintiff makes no particularized allegations supporting a strong inference that 24 either Yuan or Steckelberg (and therefore Zoom) acted with fraudulent intent. Without a single 25 confidential witness and only generalized speculation about what Defendants must have known, 26 Plaintiff fails to plead facts demonstrating that they were aware of information rendering their 27 statements false or misleading when made. Add to that the absence of any other indicia of intent, 28 such as suspicious stock sales or a plausible motive, and Plaintiff “fail[s] to create an inference of

COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO 1 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 8 of 22

1 scienter more cogent or compelling than an alternative innocent inference.” See Zucco Partners, 2 LLC v. Digimarc Corp., 552 F.3d 981, 999–1000 (9th Cir. 2009), as amended (Feb. 10, 2009). Nor 3 was Zoom’s stock price artificially inflated in the first place. After a brief period of volatility, 4 Zoom’s stock skyrocketed, all while the market had full information about the purported security 5 and privacy concerns alleged. In fact, despite the array of “corrective disclosures” Plaintiff alleges, 6 he fails to identify a single one that caused Zoom’s stock price to decline, identified new 7 information to the market, or was connected to the alleged misstatements and omissions. Plaintiff’s 8 claims should be dismissed.

9 II. BACKGROUND 10 Zoom. Founded in 2011, Zoom is a leading video conference platform. Zoom’s flagship 11 product, Zoom Meetings, offers “frictionless video, voice, chat and content sharing,” which allows 12 thousands of people on separate devices and in different locations to join a single video conference 13 meeting. (¶¶1 4-5; Ex. 9 at 1, 55.) The “ease of use” of its platform is a “key differentiator” between 14 Zoom and its competitors. See, e.g., Ex. 14 at 3. Zoom’s products were designed primarily for use 15 by large business and enterprise customers with sophisticated IT personnel, and before the 16 pandemic, that is how they were marketed and sold. Ex. 9 at 55-57. But during the pandemic, 17 Zoom’s user base expanded dramatically, to include millions of individuals and smaller entities. 18 Ex. 18 at 3, Ex. 13 at 5. Indeed, as Zoom provided free access to tens of millions of students 19 through its K-12 Initiative (Ex. 18 at 3) and became an essential technology across industries, 20 governments, and individuals, its daily meeting participants skyrocketed from ten million in 21 December 2019 to hundreds of millions of participants in April 2020. Ex. 19 at 3.

22 Encryption Technology. Encryption generally refers to the process of converting data into 23 an unrecognizable or “encrypted” form, such that it cannot be viewed without the required 24 password or “key” (also known as a “cryptographic key”). Ex. 11 at 1. The concept of “end-to- 25 end” (“E2E”) encryption has existed since at least the 1960s (see, e.g., Ex. 1 at vi, 10-11, 17) and 26 does not have a universally-accepted definition. In general terms, E2E encryption refers to the 27

1 28 All references to “¶” are to the Complaint. All references to “Ex.” are to the Exhibits attached to the Declaration of Tijana M. Brien submitted herewith. COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO 2 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 9 of 22

1 transmission of an encrypted message from one user to another without decryption during the 2 transfer. In some E2E systems, the server generates the cryptographic key and distributes it to both 3 ends of the communication, which then use the key to access the content. See, e.g., Ex. 20 ( “[t]he 4 encryption of information at its origin and decryption at its intended destination without any 5 intermediate decryption”); Ex. 2 at 121 ( “[c]ontinuous protection of data that flows between two 6 points in a network”). In other contexts, E2E encryption can be defined as a system where only the 7 endpoints have access to the cryptographic keys, and the server (here, Zoom’s) does not.2

8 Zoom’s Encryption. Different Zoom products use different encryption methods. During 9 the Class Period, Zoom Meetings were encrypted at the point of origination (i.e., someone’s Zoom

10 desktop application) and remained fully encrypted when transmitted through Zoom’s systems until 11 the intended endpoint (i.e., the recipient’s desktop application). Ex. 16 at 2-3. At that point, the 12 “endpoint(s)” (not Zoom) would decrypt the data using a key automatically generated by Zoom. 13 Id. This type of E2E encryption is also referred to as “transport encryption” or “transport layer 14 encryption” (“TLS”). (¶¶ 56-57.) Zoom explained, before the Class Period, that it encrypted 15 communications in this manner. See, e.g., Ex. 4 at 4 (stating that Zoom was using a “Transport 16 Layer Security (TLS) encryption tunnel”).3 Zoom also did not hide that its servers generated and 17 maintained the decryption keys. For example, on its March 4, 2020 Earnings Call, Zoom told 18 investors that it was still “working on” a system in which “the encryption [is] based on the key 19 offered by customers,” i.e., a system where Zoom did not hold the cryptographic key. Ex. 13 at 20.

20 Zoom’s Other Features. Zoom also made clear that it offered many features that are 21 incompatible with how Plaintiff now, in hindsight, defines E2E encryption. For example, it was 22 widely known that users could join Zoom meetings by dialing in from a phone or third-party device 23 outside of Zoom’s control. (¶¶ 21, 56; Ex. 9 at 6 (noting “the interoperability of our platform across 24 devices, operating systems and third-party applications that we do not control”); Ex. 13 at 20.) 25 Because such devices often lack the ability to decrypt communications, Zoom’s servers would have 26 2 This is known as “zero knowledge encryption.” See, e.g., Ex. 5 at 4 (“Zero-Knowledge standards 27 enhance our end-to-end encryption as they ensure that we never have access to our users’ files and encryption keys in a readable format.”) (emphasis added). 3 28 Notably, Plaintiff does not allege that Zoom improperly decrypted any E2E-encrypted meeting data before it reached the intended endpoint. COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO 3 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 10 of 22

1 to first decrypt the meeting data for those devices. Zoom also allowed users to record Zoom 2 meetings and store the recordings on Zoom’s cloud servers—a feature it could accomplish only 3 because Zoom had access to the cryptographic key. Ex. 10 at 3, 7.

4 The Industry Understood Zoom’s Encryption Practices. Long before Zoom’s use of 5 E2E encryption came under scrutiny in March 2020, Zoom made clear and industry participants 6 reported that, for Zoom Meetings, Zoom retained cryptographic keys. For example, an October 7 2014 article pointed out that “Zoom has access to the encryption key.” Ex. 3 at 3. Similarly, a 8 May 14, 2018 article stated that Zoom’s service was “encrypting messages between the participants 9 in a conversation and Zoom’s servers.” Ex. 6 at 2 (emphasis added); see also Ex. 7 at 1 (concluding

10 that Zoom had access to the encryption key). And in December 2019–almost four months before 11 the first alleged corrective disclosure–another article highlighted how the Company openly 12 discussed the very thing Plaintiff claims Zoom had kept a “secret[],” stating: “conversations we 13 have had with Zoom support staff indicate that Zoom stores a copy of all users’ private keys on 14 their server.” Ex. 12 at 4 (emphasis added); compare with ¶ 9(a).

15 Zoom’s Popularity Leads to Media Scrutiny. On July 8, 2019, a Medium article claimed 16 that Zoom “covertly” installed a web server on Mac computers. (¶¶ 35, 98.) Between that day and 17 the next alleged corrective disclosure in late March 2020, Zoom’s stock price rose by nearly $50. 18 In March 2020, as Zoom became a household name, it became the focus of even more intense 19 media scrutiny. On March 26, 2020, Motherboard published an article claiming that Zoom’s 20 application sent user data to Facebook. (¶¶ 13, 48-49.) Despite this announcement, Zoom’s stock 21 price maintained its rise, closing at $141.15. Ex. 21. The next day, Zoom informed consumers that 22 it had learned of the issue and discontinued the Facebook integration. See Ex. 15 at 1-2. Zoom’s 23 stock closed even higher, at $151.70. Ex. 21. A few days later, on March 30, the New York Times 24 reported that Zoom had received a letter from New York’s attorney general regarding Zoom’s 25 security measures, citing the July 2019 Medium and March 2020 Motherboard articles. (¶¶ 13, 52, 26 101.) Zoom’s stock price declined less than 1% on that day. Ex. 21. 27 On March 31, the focus shifted to Zoom’s encryption methods, with The Intercept 28 publishing an article questioning whether Zoom Meetings were E2E encrypted because Zoom had

COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO 4 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 11 of 22

1 access to the cryptographic key. (¶¶ 56-60, 103.) As noted above, others had already commented 2 on the same in 2018 and 2019. See supra at 4-5. With the pandemic fueling a surge in consumers’ 3 use of Zoom, the Company responded to the claims in the article by explaining, in plain terms, its 4 method of encryption. See generally, Ex. 16. The next day, after market close on April 2, the New 5 York Times reported that one Zoom feature allowed hosts to view the publicly-available LinkedIn 6 profiles of meeting participants. (¶¶ 110.) Zoom’s stock opened higher after the article was 7 published. Ex. 21. Several articles followed, all repeating the same facts about Zoom’s encryption. 8 (¶¶ 107-09, 111-14.) Although Zoom’s stock price fluctuated that week, any alleged concerns 9 about purported privacy and security issues were fleeting. Zoom’s stock was back to its pre-

10 “corrective disclosure” price within 10 days, had doubled by July 2020, and by October 2020 11 climbed as high as $568 (an increase of nearly 400% from April 2020). Ex. 21.

12 III. LEGAL STANDARDS 13 To plead a claim under section 10(b) and Rule 10b-5, Plaintiff “must allege: (1) a material 14 misrepresentation or omission by the defendant (falsity); (2) scienter; (3) a connection between the 15 misrepresentation or omission and the purchase or sale of a security; (4) reliance upon the 16 misrepresentation or omission; (5) economic loss; and (6) loss causation.” Police Ret. Sys. of St. 17 Louis v. Intuitive Surgical, Inc., 759 F.3d 1051, 1057 (9th Cir. 2014) (citation omitted). The 18 PSLRA requires Plaintiff to plead falsity and scienter with particularity. Zucco, 552 F.3d at 990. 19 Plaintiff must also plead “all elements of a securities fraud action” with particularity under Federal 20 Rule of Civil Procedure 9(b). Or. Pub. Emps. Ret. Fund v. Apollo Grp. Inc., 774 F.3d 598 (9th Cir. 21 2014) (emphasis added). This includes alleging the “who, what, when, where, and how” of the 22 alleged fraud, and “set[tting] forth what is false or misleading about a statement, and why it is 23 false.” Vess v. Ciba-Geigy Corp. USA, 317 F.3d 1097, 1106 (9th Cir. 2003).

24 IV. ARGUMENT 25 A. Plaintiff Fails to Allege Any False or Misleading Statement. 1. Because Plaintiff Fails to Allege That There is Only One Possible 26 Meaning of “End to End Encryption,” His Claims Fail. 27 Plaintiff claims that Zoom misled investors by referring to “end-to-end” encryption. (¶ 6.) 28 This claim is based on a single sentence from Zoom’s 200-page IPO Prospectus, which stated

COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO 5 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 12 of 22

1 generally that Zoom “offer[s] robust security capabilities, including end-to-end encryption,” (¶ 27, 2 Ex. A Stmt. 1), as well as statements in certain of Zoom’s customer-facing documents that Zoom’s 3 products were “secure with end-to-end AES256 bit encryption” or something similar. (¶ 30; Ex. 4 A, Stmts. 3-12.) Plaintiff claims these statements were false because, for some of its services, 5 Zoom’s server maintained the cryptographic keys, which–“theoretically”4–could have allowed 6 Zoom to decrypt communications between end users. (¶¶ 9(a), 34(a), 47(a), ¶ 72.) This claim, 7 however, is based on one specific and highly technical definition of the term “end-to-end 8 encryption,” to mean that “not even the company that runs the messaging service can access the 9 cryptographic keys necessary to decrypt the end users’ communication.” (¶ 9(a) fn.5.) But nothing

10 in the Complaint suggests that this definition is the only possible meaning of the phrase “end-to- 11 end encryption,” let alone one that Plaintiff or others outside of the cryptographic community would 12 have understood. Plaintiff himself does not allege as much, and even the “corrective disclosures” 13 he cites make clear that this is not the only definition. (See ¶¶ 56, 72.) 14 Plaintiff’s claim thus fails under the Ninth Circuit’s analysis in Wochos v. Tesla, Inc. There, 15 plaintiffs claimed that Tesla misled investors by saying it made “50 production cars” because, 16 according to plaintiffs, the phrase “production car” is “a term of art in the automotive industry” 17 meaning that a car is produced by automation. Wochos v. Tesla, Inc., 2019 WL 1332395, at *6 n.2 18 (N.D. Cal. Mar. 25, 2019) (Tesla I), aff’d, Wochos v. Tesla, 985 F.3d 1180 (9th Cir. 2021) (Tesla 19 II). The Ninth Circuit disagreed, holding that “Plaintiffs had to plead sufficient facts to establish 20 that the actual term used had the distinctive, and false, meaning that Plaintiffs claim.” Tesla II, 985 21 F.3d at 1194. The court explained that plaintiffs had failed to show their preferred definition was 22 the only definition, because “[p]laintiffs pleaded no facts to support their premise that ‘production 23 car’ would be understood as referring exclusively to the fully automated production of identical 24 vehicles.” Id.; see also Kelly v. Elec. Arts, Inc., 2015 WL 1967233, at *7–8 (N.D. Cal. Apr. 30, 25 2015) (holding that plaintiff failed to sufficiently allege that the term “de-risk” had the precise 26 meaning necessary to render defendants’ uses of the term false). Plaintiff’s falsity theory here fails 27 28 4 Plaintiff does not allege that Zoom, or anyone else, used the keys to decrypt communications. COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO 6 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 13 of 22

1 for precisely the same reason.5 2 In fact, there is no exclusive definition of E2E. Whereas some have defined it to require 3 that a provider (such as Zoom) not have access to the cryptographic key (see ¶ 9, n.5), others have 4 adopted a definition that merely provides for data transfer between endpoints without decryption 5 along the way, agnostic to whether a provider maintains the key or not. See supra at 2-3. Because 6 Zoom’s use of E2E was consistent with the latter, Zoom’s statements were not false. See, e.g., In 7 re Adolor Corp. Sec. Litig., 616 F. Supp. 2d 551, 566 (E.D. Pa. 2009) (rejecting Plaintiff’s claim 8 that statements that defendant’s studies were “randomized” was false when, at “the most” Plaintiff 9 had shown that there were “grounds for disagreement about how to conduct a randomized study”).

10 Plaintiff is also wrong that Zoom “secretly” held the cryptographic key or was otherwise 11 deceptive about its encryption practices. (¶ 9(a).) To the contrary, Zoom openly advertised features 12 (i.e, cloud recording and phone dial-in access) that are fundamentally incompatible with Plaintiff’s 13 definition of E2E. See Ex. 9 at 85; supra at II. Accordingly, it is unreasonable to infer from Zoom’s 14 statements about E2E that it did not have the cryptographic keys. See Tesla I, 2019 WL 1332395, 15 at *6 n.2 (“Defendants . . . indicated in their public disclosures that their facilities were not fully 16 automated at the time. And so it is unreasonable to infer from Tesla’s statement . . . that Tesla was 17 representing that it had a fully completed automated assembly line.”); see also Kuriakose v. Fed. 18 Home Loan Mortg. Corp., 2011 WL 1158028, at *11 (S.D.N.Y. Mar. 30, 2011) (rejecting claim 19 that use of “subprime” was misleading where plaintiff claimed that “subprime” loans were defined 20 as loans to borrowers with a FICO score of less than 600 where defendant disclosed it was using a 21 criteria of 620 or less).6 Because Plaintiff does not plead with specificity that Zoom’s statements 22 about E2E encryption were false or misleading when made his claims should be dismissed.7 23 5 In any event, Plaintiff does not dispute that some of Zoom’s features (such as chat) offered E2E 24 in the way Plaintiff defines it. (See ¶34(a).) As a result, Zoom’s statements in its Prospectus and blog posts that it offered “end-to-end encryption” as part of its “technology and infrastructure” are 25 true even accepting Plaintiff’s use of that term. See, e.g., Ex. A, Stmts. 3, 6, 8, 10. 6 Plaintiff also fails to allege how Zoom’s statement that “[f]inancial services organizations require 26 security features like end-to-end encryption” (Ex. A, Stmt. 10) says anything about Zoom’s encryption practices or capabilities. Nor does Plaintiff plead how Zoom’s alleged installation of a 27 web server on Mac devices (see, e.g., Complaint, Ex. A “Reasons”) renders any of Zoom’s E2E encryption statements false, or even relates to encryption whatsoever. 7 28 In addition, Zoom’s statements that AES 256-bit encryption generally is a “feature” or “benefit” of the entire Zoom platform (¶ 30, Ex. A, Stmt. 3), are not rendered false by Plaintiff’s allegations COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO 7 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 14 of 22

1 2. Zoom’s Privacy Policy Contained No Misstatements or Omissions. 2 Plaintiff relies on one sentence from Zoom’s Privacy Policy, that it “may collect” “Personal 3 Data” including “Facebook profile information,” to bootstrap his claims that Zoom did not disclose 4 that the Company allegedly (1) sent user data to Facebook; (2) allowed access to users’ public 5 LinkedIn profiles; and (3) installed a web server that purportedly bypassed security features on Mac 6 computers. (¶¶ 9(b)-(c), 10, 34(b)-(d); 47(b)-(c), Ex. A Stmts. 2, 12-15.) But Zoom had no duty 7 to disclose this information. Basic Inc. v. Levinson, 485 U.S., 224, 239, n. 17 (1988) (“Silence, 8 absent a duty to disclose, is not misleading under Rule 10b–5”). 9 To be actionable “an omission must . . . affirmatively create an impression of a state of

10 affairs that differs in a material way from the one that actually exists.” Brody v. Transitional Hosps. 11 Corp., 280 F.3d 997, 1006 (9th Cir. 2002) (emphasis added). As such, Plaintiff must show that the 12 statement that Zoom may collect Facebook user data led investors in “a wrong direction” because 13 it was inconsistent with Zoom allegedly providing user data to Facebook. Veal v. LendingClub 14 Corp., 423 F. Supp. 3d 785, 807-808 (N.D. Cal. 2019); Kairalla v. Advanced Med. Optics, Inc., 15 2008 WL 2879087, at *3 (C.D. Cal. June 6, 2008) (“Statements are not misleading where they are 16 ‘not necessarily inconsistent with the underlying true facts.’”) (citation omitted). Plaintiff does not 17 do so. In fact, the Privacy Policy made clear that Zoom could share “Personal Data” with “affiliated 18 companies,” “third party service providers,” “business partners, service vendors and/or authorized 19 third-party agents or contractors” – one of which was Facebook. Ex. 8 at 3. 20 Nor does Zoom’s statement that it “may collect” data say anything about access to users’ 21 public LinkedIn profiles. Undeniably, Plaintiff does not challenge a single statement about 22 LinkedIn profile information, much less a purported guarantee of user anonymity. And Plaintiff 23 does not identify a single statement about installing (or not installing) web servers on Mac devices. 24 (See, e.g., ¶¶ 70, 91.) No reasonable investor could have read Zoom’s Privacy Policy as a promise 25 that it would not do these things. Kairalla., 2008 WL 2879087, at *3 (statements were inactionable 26

27 that Zoom used AES 128-bit encryption for Zoom Meetings. Zoom used AES256 to encrypt presentations, chat sessions, and screen sharing content. See Ex. 4 at 2-3; Ex. 10 at 2, 4. Plaintiff 28 does not allege this was false. Nor does Plaintiff allege any material difference between offering 128 v. 256 bit encryption. As such, he fails to plead a material misstatement or omission. COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO 8 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 15 of 22

1 because they “created no affirmative impression” regarding allegedly omitted information); see 2 also In re Rigel Pharms., Inc. Sec. Litig., 697 F.3d 869, 880 n.8 (9th Cir. 2012) (federal securities 3 laws “prohibit only misleading and untrue statements, not statements that are incomplete”).8

4 B. Yuan and Steckelberg Cannot Be Liable for Statements They Did Not “Make.” 5 Aside from the Prospectus, the Complaint does not allege that Yuan or Steckelberg had any 6 involvement in the challenged statements whatsoever. Even in his boilerplate, conclusory 7 allegations that Yuan and Steckelberg “controlled” Zoom, Plaintiff does not mention Zoom’s 8 privacy policy, security guides, website, or blogs. (See ¶ 25.) Yuan and Steckelberg cannot be 9 liable for statements they did not make. See Janus Cap. Grp., Inc. v. First Derivative Traders, 564

10 U.S. 135, 142-43 (2011). And Plaintiff’s reliance on their roles alone to suggest that they “made” 11 the challenged statements is “insufficient under Janus.” See Neborsky v. Valley Forge Composite 12 Techs., Inc., 2014 WL 1705522, at *6 (S.D. Cal. Apr. 28, 2014). As such, the Court should dismiss 13 any statements that Yuan or Steckelberg are not alleged to have made.

14 C. Plaintiff Fails to Plead a Strong Inference of Scienter. 15 The Complaint also fails to adequately plead that any defendant acted with fraudulent intent. 16 To plead scienter, Plaintiff must set forth, in great detail, “facts that constitute strong circumstantial 17 evidence of deliberately reckless or conscious misconduct.” In re Silicon Graphics Inc. Sec. Litig., 18 183 F.3d 970, 974 (9th Cir. 1999), superseded by statute on other grounds. The scienter analysis 19 requires a “dual inquiry” to determine whether the allegations are sufficient individually and 20 holistically and is “inherently comparative.” Zucco, 552 F.3d at 991-92. As to each defendant, the 21 allegations must be “[p]ersuasive, effective, and cogent” and give rise to an inference of scienter 22 that is “at least as compelling as any opposing inference.” Tellabs, Inc. v. Makor Issues & Rights, 23 Ltd., 551 U.S. 308, 323–24 (2007).

24 1. Plaintiff Fails to Plead Scienter as to Yuan and Steckelberg. 25 As an initial matter, the Complaint contains no specific allegations suggesting that Yuan or 26 Steckelberg knew, or were deliberately reckless in not knowing, that any challenged statements 27 8 Similarly, Plaintiff’s challenge of the statement that “[w]e’ve designed policies and controls to 28 safeguard the collection, use, and disclosure of your information” fails. (¶ 43, Ex. A, Stmt. 12.) The very fact that Zoom had a Privacy Policy defeats this claim. COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO 9 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 16 of 22

1 would mislead investors. In Exhibit A’s scienter column, Yuan is mentioned only twice (See Ex. 2 A). First, Plaintiff references that Yuan was one of several inventors on decade-old patents, related 3 to technology deployed by a different company. (See ¶ 34(a).) But these say nothing about Yuan’s 4 state of mind up to fifteen years later. Second, Plaintiff claims that Yuan “built Zoom’s platform 5 from the ground up” (¶ 92), but provides no particularized facts of what Yuan knew, when he knew 6 it, or how such knowledge rendered any challenged statement intentionally or recklessly false and 7 misleading. The allegations as to Steckelberg are also deficient. Her name appears nowhere in 8 Exhibit A among the facts alleged to support scienter. In fact, she is mentioned in the Complaint 9 only three times: (1) twice, when she is identified as a party; and (2) once, when she is quoted as

10 stating that Yuan built Zoom. (See ¶¶ 2, 23, 92.) As Plaintiff cannot allege “a single fact showing 11 what each defendant knew, when he/she knew it, or how he/she acquired that knowledge,” the 12 Complaint must be dismissed. In re Verisign, Inc., Derivative Litig., 531 F. Supp. 2d 1173, 1207 13 (N.D. Cal. 2007). Moreover, because Plaintiff does not allege scienter as to either Yuan or 14 Steckelberg, he cannot allege scienter as to Zoom.9 Cheung v. Keyuan Petrochemicals, Inc., 2012 15 WL 5834894, at *3 (C.D. Cal. Nov. 1, 2012) (“Plaintiffs must allege the requisite level of scienter 16 with respect to at least one of the Individual Defendants” in order to plead corporate scienter).10

17 a. Plaintiff Fails to Plead Scienter as to Zoom’s Use of E2E. 18 Like his flawed falsity theory, Plaintiff’s scienter theory assumes that there is only a single 19 “commonly-accepted definition” of E2E. (¶ 9, n.5.) But because the Complaint does not 20 adequately plead as much, merely alleging knowledge of encryption methods or terminology 21 (which, to be clear, the Complaint also fails to do) does nothing to further Plaintiff’s claims. See 22 Rigel Pharms., 697 F.3d 869 at 883 (knowledge of a fact is insufficient without allegations that 23

9 24 Plaintiff’s attempt to plead scienter as to all “Defendants” as a group similarly fails. Group pleading has long been rejected in this Circuit, except in the most limited circumstances, not present 25 here. See Cheung, 2012 WL 5834894 at *4. But even if corporate scienter could be enough for Plaintiff to carry his burden, the Complaint’s allegations still do not give rise to an inference of 26 scienter, much less a cogent and compelling one. 10 The Complaint’s scienter theory also hinges on generalized allegations that Defendants “knew” 27 information that rendered their statements false, or that it would be “absurd” for management not to have known it. (See, e.g., ¶¶ 34(a), 92; Ex. A, Stmts. 1 and 3.) These allegations fail because 28 they “are entirely conclusory.” In re LeapFrog Enters., Inc. Sec. Litig., 527 F. Supp. 2d 1033, 1044 (N.D. Cal. 2007). COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO 10 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 17 of 22

1 defendants “believed that they made false or misleading statements”). Without demonstrating that 2 Yuan or Steckelberg knew Zoom’s use of the term E2E would mislead investors, Plaintiff fails to 3 plead scienter. See City of Dearborn Heights Act 345 Police & Fire Ret. Sys. v. Waters Corp., 632 4 F.3d 751, 758 (1st Cir. 2011) (a Complaint must connect knowledge “of certain undisclosed facts” 5 to “whether defendants knew or should have known that their failure to disclose those facts 6 ‘present[ed] a danger of misleading’” investors (citation omitted)). 7 Plaintiff also highlights statements made after some of the alleged corrective disclosures, 8 trying to show knowledge that Zoom’s prior mentions of E2E encryption were false or misleading. 9 See, e.g., Ex. A, Stmt. 1. But in order for such statements to establish scienter, they must be “a

10 statement similar to ‘I knew it all along,’ establishing the falsity of an earlier statement by means 11 of a later statement by the defendant.” Yourish v. Cal. Amplifier, 191 F.3d 983, 996 (9th Cir. 1999). 12 None of these after-the-fact statements rise to that level. In fact, the only cited statement even 13 tenuously attributable to the Individual Defendants (a Zoom blog post listing Yuan as author) made 14 clear that Zoom lacked any intent to deceive. (Ex. 16, April 1, 2020 Post (“we never intended to 15 deceive any of our customers . . . “) (emphasis added).) The other statement, allegedly made by an 16 unidentified “Zoom spokesperson” (¶ 56), says nothing of Yuan’s or Steckelberg’s state of mind, 17 particularly, at the time the statements were made. And even if Yuan or Steckelberg had 18 acknowledged, months to years after making such statements, that some users may have been 19 confused by Zoom’s use of E2E, this does not establish that they knew that any of the statements 20 were false when made. See In re Advanta Corp. Sec. Litig., 180 F.3d 525, 536 (3d Cir. 1999) 21 (allegation that defendant “expressed regret” nine months after false statement does not 22 demonstrate “actual knowledge of [] statements’ falsity” when it was made). 23 As a last-ditch effort, Plaintiff cites Zoom’s settlement with the FTC. See ¶ 95; Ex. A, 24 Stmts. 1-12. However, a government settlement, particularly where, as here, Zoom did not admit 25 to any wrongdoing and the government levied no fines or penalties, cannot establish scienter. See, 26 e.g., Glazer Cap. Mgmt., LP v. Magistri, 549 F.3d 736, 748–49 (9th Cir. 2008) (rejecting Plaintiff’s 27 argument that defendant’s settlements with the DOJ and SEC were “sufficient to create a strong 28 inference of scienter”).

COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO 11 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 18 of 22

1 b. Plaintiff Fails to Plead Scienter as to the Alleged Privacy Policy Omissions. 2 3 Plaintiff’s allegations as to the Privacy Policy statements fare no better. Plaintiff does not 4 even allege that Yuan or Steckelberg knew about Zoom’s alleged collection or use of Facebook 5 data, or the fact that Facebook’s Software Development Kit (“SDK”) was in Zoom’s application. 6 And Plaintiff’s reliance on the existence of Facebook’s SDK policy is insufficient. (¶40; see also 7 ¶¶34(b), 47(b).) He does not allege that Yuan or Steckelberg were aware of Facebook’s SDK 8 policy, much less that they reviewed its contents and understood its implications. To give rise to 9 an inference of scienter, “allegations must consist of more than generalities about management’s

10 access to data.” Bodri v. GoPro, 252 F. Supp. 3d 912, 932 (N.D. Cal. 2017). But Plaintiff’s own 11 allegations concede that Defendants did not have knowledge of the issue when the statements were 12 made. (See ¶ 50 (“we were made aware on Wednesday, March 25, 2020”) (emphasis added).) As 13 to the Mac and LinkedIn allegations, Plaintiff broadly claims that “Zoom” “designed” the Mac 14 server or “Defendants” “introduced” the “LinkedIn profile matching feature.” (¶¶ 38, 68.) Plaintiff 15 does not allege what (if anything) the Individual Defendants knew about these features, when (if 16 ever) they learned about them, or how knowledge of these features suggests knowledge that entirely 17 unrelated statements could mislead investors. These types of “generalized claims about corporate 18 knowledge are not sufficient to create a strong inference of scienter.” Zucco, 552 F.3d at 998. 2. Viewed Holistically, the More Cogent and Compelling Inference is an 19 Innocent One. 20 When the allegations in the Complaint are viewed holistically, the far more compelling 21 inference is that Defendants acted in good faith. In addition to the lack of particularized facts that 22 Yuan or Steckelberg acted with an intent to defraud, the Complaint lacks any circumstantial 23 evidence of scienter. For example, Plaintiff does not allege any improper stock sales during the 24 class period, which “is highly relevant and undermines any inference of scienter.” In re Pixar Sec. 25 Litig., 450 F. Supp. 2d 1096, 1107 (N.D. Cal. 2006). Plaintiff also fails to set forth any (much less, 26 a plausible) motive for defendants to commit fraud, “significantly undermin[ing]” his theory. 27 Bodri, 252 F. Supp. 3d at 933. 28 Further, the Complaint does not even allege that Yuan or Steckelberg had any involvement

COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO 12 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 19 of 22

1 in the policies, website or blog that contained the allegedly false or misleading statements. Save 2 one sentence in the Prospectus, the Complaint does not allege that Yuan and Steckelberg used SEC 3 filings, press releases, or investor conference calls to commit securities fraud. It makes no sense 4 that if Yuan and Steckelberg intended to inflate Zoom’s stock price, they would try to do so through 5 marketing and consumer-facing materials that investors would not typically read.11 Nor would they 6 have done so about facts that could readily be determined by a review of Zoom’s product offerings 7 or media reports dating back to 2014. See supra at 4-5. 8 Plaintiff’s theory that Defendants intended to defraud investors is further undermined by 9 the Complaint’s failure to allege any materially false or misleading statements. See Jasin v. Vivus,

10 Inc., 2016 WL 1570164, at *15 (N.D. Cal. Apr. 19, 2016), aff’d, 721 F. App’x 665 (9th Cir. 2018) 11 (“if the materiality of a particular fact is in question, that ‘tends to undercut’ an inference that a 12 defendant acted with the requisite scienter”). Plaintiff does not allege that Zoom improperly 13 decrypted data or accessed meeting information, and there is no allegation that investors would care 14 that Zoom did not disclose its theoretical ability to decrypt meetings. Plaintiff also does not allege 15 that Zoom charged a premium or extra fee for E2E technology. Similarly, Plaintiff fails to plead 16 that Zoom’s alleged sharing of device data with Facebook, providing access to publicly-available 17 LinkedIn profiles, or installation of a web server on Mac computers ever mattered to investors. 18 Viewing the Complaint’s allegations holistically, the most compelling inference is that 19 during the Class Period, Zoom described its platform and encryption fairly and in good faith. When 20 Zoom became a household name, it came under intense scrutiny. As Zoom learned about consumer 21 concerns about its technology, it took immediate steps to address them. And, as its later stock price 22 has shown, Zoom’s pandemic growing pains did not deter investors one bit. Simply put, the most 23 (and only) compelling inference is the “alternative innocent explanation.” Zucco, 552 F.3d at 1006. 24 25 11 For this reason, Plaintiff also does not adequately plead that the majority of statements were made 26 in connection with the purchase or sale of securities. McGann v. Ernst & Young, 102 F.3d 390, 396-98 (9th Cir. 1996). To sustain a 10b-5 claim, a statement must be made “in a manner 27 reasonably calculated to influence the investing public.” Id. “The kinds of statements courts have found to satisfy the ‘in connection with’ requirement are typically documents directly targeted to 28 investors or the investment community.” Di Donato v. Insys Therapeutics Inc., 2017 WL 3268797, at *16 (D. Ariz. Aug. 1, 2017). COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO 13 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 20 of 22

1 D. Plaintiff Fails to Adequately Plead Loss Causation. 2 To plead loss causation, plaintiff must allege particularized facts showing that: “(1) a 3 corrective disclosure revealed, in whole or in part, the truth concealed by the defendant’s 4 misstatements; and (2) disclosure of the truth caused the company’s stock price to decline and the 5 inflation attributable to the misstatements to dissipate.” In re BofI Holding, Inc. Sec. Litig., 977 6 F.3d 781, 791 (9th Cir. 2020). Plaintiff fails to do so for any of the numerous “corrective 7 disclosures” he relies on. 8 “Disclosures” that did not cause a price decline. First, for several of the alleged 9 “corrective disclosures,” Plaintiff ignores or misleadingly portrays Zoom’s stock price reaction.

10 For example, following the March 26, 2020 Motherboard article reporting the Facebook issue 11 Zoom’s stock price rose from $140.51 to $141.15 at market close, and opened even higher the next 12 day, at $145.70. Ex. 21. Similarly, the April 2, 2020 New York Times article regarding Zoom’s 13 LinkedIn profile matching was published after the market closed at a value of $121.93 per share 14 and Zoom’s stock price opened at a higher price the next morning: $124.30. Ex. 21. As to other 15 alleged disclosures, Plaintiff relies on the “intraday” low price (see, e.g., ¶ 112) to obfuscate that 16 Zoom’s stock price rose after the alleged corrective disclosures. For example, on April 3, 2020, 17 the date of the Citizen Lab report regarding Zoom’s level of encryption (¶ 112), Zoom’s stock price 18 increased to $128.20. Ex. 21. Likewise, on April 6, 2020 Zoom’s stock again rose from its opening 12 19 price of $118.00 to close at $122.94. Ex. 21. None of these disclosures can support loss causation. 20 “Disclosures” that did not introduce new information. Second, several of Plaintiff’s 21 other “corrective disclosures” did not “reveal new information to the market,” and Plaintiff fails to 22 “plead with particularity facts plausibly explaining why the information was not yet reflected in the 23 Company’s stock price.” BofI Holding, 977 F.3d at 794 (emphasis added). For example, Plaintiff 24 alleges that The Intercept’s March 31, 2020 article revealed that Zoom’s servers held the 25 12 While it is unclear what Plaintiff alleges as a corrective disclosure on April 6, 2020 (compare ¶ 26 79 (discussing the removal of “end-to-end” encryption references on Zoom’s blog) with ¶ 114 (referencing Credit Suisse analyst report and Fortune article); see also ¶ 115), it is not clear how 27 the removal of information could constitute a corrective disclosure, especially where, as here, there is no evidence that the market even noticed—let alone reacted to—such removal. Further, the 28 Complaint alleges that Zoom “scrubbed” references to “end-to-end” encryption on its blog on April 7 and 8, 2020 as well – yet entirely ignores them in ending the class period on April 6, 2020. COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO 14 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 21 of 22

1 cryptographic keys. (¶¶ 56-57.) But industry publications from December 2019 (and before) had 2 already disclosed that “Zoom stores a copy of all users’ private keys on their server.” Ex. 12 at 4; 3 see supra at 4-5. The same is true for several other “corrective disclosures” that merely repackaged 4 information that was already in the market, and thus already reflected in Zoom’s stock price. See, 5 e.g., ¶¶ 101, 52 (March 30, 2020 New York Times article)13; ¶ 105 (Zoom’s April 1, 2020 blog 6 post); ¶¶ 107-08 (April 2, 2020 CNBC and Variety articles); ¶ 113 (WSJ’s April 4, 2020 interview 7 with Yuan). They cannot constitute corrective disclosures because they did not reveal anything 8 new to the market. BofI Holding, 977 F.3d at 794 (a corrective disclosure “must by definition 9 reveal new information to the market”); Tesla II, 985 F.3d at 1198 (blog post was not a “corrective

10 disclosure” where the alleged truth was revealed a month earlier in a news article).

11 “Disclosures” that do not relate back to the alleged misstatement or omission. 12 Plaintiff’s other “corrective disclosures” also fail because they do not “relate back to the [alleged] 13 misrepresentation.” Ferraro Family Found., Inc. v. Corcept Therapeutics Inc., 2020 WL 6822916, 14 at *23 (N.D. Cal. Nov. 20, 2020) (citations omitted). For example, for the “disclosures” regarding 15 Zoom’s installation of Mac web servers (¶¶ 35, 98) and LinkedIn profile matching (¶ 110), the 16 Complaint does not “allege specific statements made by the Defendants that were made untrue or 17 called into question” by the alleged disclosure. Apollo Grp., 774 F.3d at 608.

18 V. CONCLUSION 19 For the foregoing reasons, the Complaint should be dismissed.14 20 21 22 23 24

13 25 Nor is the New York Times’ announcement of the New York Attorney General’s investigation a corrective disclosure, because it did not reveal any fraudulent practices to the market. Loos v. 26 Immersion Corp., 762 F.3d 880, 890 (9th Cir. 2014), as amended (Sept. 11, 2014) (“[A]ny decline in a corporation’s share price following the announcement of an investigation can only be attributed 27 to market speculation about whether fraud has occurred,” “which “cannot form the basis of a viable loss causation theory.”). 14 28 Because the Complaint does not state a primary violation, Plaintiff’s “control person” claim under Section 20(a) fails. Rigel Pharms., 697 F.3d at 886. COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO 15 3:20-CV-02353-JD

Case 3:20-cv-02353-JD Document 78 Filed 05/20/21 Page 22 of 22

1 Dated: May 20, 2021 COOLEY LLP

2 3 By: /s/ Patrick E. Gibbs Patrick E. Gibbs 4 Attorneys for Defendants 5 Zoom Video Communications, Inc., Eric S. Yuan, and Kelly Steckelberg 6

7 240954435

8 9

10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

COOLEY LLP ATTORNEYS AT LAW MOT. TO DISMISS THE COMPLAINT PALO ALTO 16 3:20-CV-02353-JD