                                                                             F I L E D
                                                                      United States Court of Appeals
                                                                              Tenth Circuit
                        UNITED STATES COURT OF APPEALS
                                                                              FEB 23 2004
                                   TENTH CIRCUIT
                                                                         PATRICK FISHER
                                                                                  Clerk

 MARY HELEN MILLER, on behalf of
 herself and all others similarly
 situated,

           Plaintiff - Appellant/Cross-             Nos. 02-1007 and 02-1031
           Appellee,                                       (Colorado)
                                                      (D.Ct. No. 99-S-481)
 v.

 IMAGE DATA LLC,

           Defendant - Appellee/Cross-
           Appellant,

 and

 ROBERT C. HOUVENER,
 individually and in his official
 capacity,

           Defendant.


                              ORDER AND JUDGMENT *


Before EBEL, Circuit Judge, PORFILIO, Senior Circuit Judge, and O’BRIEN,
Circuit Judge.



       *
          This order and judgment is not binding precedent except under the doctrines of
law of the case, res judicata and collateral estoppel. The court generally disfavors the
citation of orders and judgments; nevertheless, an order and judgment may be cited under
the terms and conditions of 10th Cir. R. 36.3.
      Mary Helen Miller brought suit against Image Data LLC alleging violations

of the Driver’s Privacy Protection Act (“Driver’s Privacy Act”), 18 U.S.C. §§

2721-2725, and Colo. Rev. Stat. § 42-1-206. 1 Both Miller and Image Data filed

motions for summary judgment. The court granted Image Data’s motion, denied

Miller’s, and, in a separate judgment, ordered each party to pay its own fees and

costs. Miller appeals the district court’s grant of summary judgment to Image

Data and the denial of her motion, while Image Data cross-appeals the court’s

determination of costs. Exercising jurisdiction under 28 U.S.C. § 1291, we

AFFIRM the district court’s ruling on summary judgment and REVERSE and

REMAND its ruling on costs.

I.    Background

      Image Data is a high tech start-up company formed to commercially

develop its True ID® system technology. The technology allows an individual’s

digitized photographic image to be displayed on a small monitor at the point of a

transaction, enabling identity verification. Soon after the company’s formation,

its principals engaged in discussions with federal and state government officials,

including Colorado, to tout the potential of their technology in preventing identity

fraud. These discussions culminated in several contracts relevant to this case.


      1
        Colo. Rev. Stat. § 42-1-206 was repealed by Laws 1999, Ch. 298, § 4, eff. Aug.
4, 1999; deleted by Laws 1999, Ch. 118, § 3, eff. April 16, 1999) after a public outcry
regarding the security and potential use of the information sold to Image Data.

                                           -2-
      One contract involved Image Data and the United States Secret Service, the

federal agency primarily responsible for combating identity-based crimes. After

Image Data spoke with several federal legislators regarding the scope of identity

fraud and potential solutions to the problem, Congress earmarked $1.46 million

dollars in October 1997 (federal fiscal year 1998) to fund a pilot project testing

the possible technological approach to the problem. The funds were appropriated

to the Secret Service, who in turn, contracted with Image Data in late 1997 to

implement a pilot project. The project was designed with two objectives: (1) to

“show the technical and financial feasibility of using remotely stored digital

portrait images to securely perform positive identification of patrons putting forth

financial instruments for negotiation or identity documents for access to

services[,]” and (2) to “demonstrate how the technology can be used to prevent

the issuance and use of counterfeit driver licenses at the state level . . . . ”   (App.

Vol. I, p. 136.) The parties disagree whether Image Data informed the Colorado

officials of the ongoing negotiations for the Secret Service pilot project.

      While Image Data was cultivating the federal contract, it was also in

discussions with Colorado officials regarding the purchase of the data found on

Colorado drivers’ licenses. Because the Colorado officials wanted to be sure the

purchase was legally valid, they proposed legislation which was passed in 1997,

Colo. Rev. Stat. § 42-1-206. Subsection (3)(a) of that statute allowed the sale of


                                           -3-
driver’s license information “if such items are to be used solely for the prevention

of fraud, including, but not limited to, use in mechanisms intended to prevent the

fraudulent use of credit cards, debit cards, checks, or other forms of financial

transactions.”

       Following passage of the legislation, on November 14, 1997, Image Data

and the State of Colorado entered into a contract to allow Image Data to purchase

from the Colorado Department of Motor Vehicles (DMV), “copies of

photographs, electronically stored photographs, or digitized images from driver’s

license records and to sell the companion demographic data for identity

verification to prevent fraud . . . .” 2 (App. Vol. I, p. 82.) The contract echoed the

language found in Colo. Rev. Stat. 42-1-206(3)(a) to establish the parameters of

the sale.

       Miller, a Colorado resident with a valid driver’s license and whose DMV

information was presumably sold to Image Data, brought suit alleging Image

Data: 1) procured information from the DMV for purposes other than the

prevention of financial fraud in violation of the Driver’s Privacy Act, 18 U.S.C. §



       2
        The two types of data identified in the contract include “image data” and
“demographic data.” (App. Vol. I, p. 83.) Image data is defined as “all images possessed
by the state or its agents of the holders of Colorado drivers licenses and state
identification cards . . .” (Id.) “Demographic data” is defined as the data appearing on the
face of the card, including “the holder’s name, address, . . . card number, social security
number, date of birth, sex, height, weight, hair color and eye color . . . .” (Id.)

                                            -4-
2722(a), and Colo. Rev. Stat. § 42-1-206 (3)(a); and 2) obtained the DMV

information without disclosing its involvement with the Secret Service in

violation of § 2722(b). 3 The district court concluded Image Data’s proposed use

of the DMV information was permitted under § 2722(a), and Miller could not

assert a private cause of action under § 2722(b). This appeal and cross appeal

followed.

II.    Standard of Review

       We review rulings on summary judgment de novo applying well-settled

standards. Koch v. Koch Indus., Inc., 203 F.3d 1202, 1212 (10th Cir.), cert.

denied, 531 U.S. 926 (2000). Summary judgment is appropriate "if the pleadings,

depositions, answers to interrogatories, and admissions on file, together with the

affidavits, if any, show that there is no genuine issue as to any material fact and

that the moving party is entitled to a judgment as a matter of law." Fed. R. Civ.

P. 56(c).

III. Driver’s Protection Privacy Act

       “The DPPA [Driver’s Privacy Act] regulates the disclosure and resale of

personal information contained in the records of state DMV’s by limiting the




       3
         Miller also filed suit against Robert Houvener, former president of Image Data,
in his individual and official capacities. The district court dismissed her claim against
Houvener with prejudice. This ruling is not challenged on appeal.

                                            -5-
state’s ability to disclose a driver’s personal information without her consent. 4

Reno v. Condon, 528 U.S. 141, 143-44 (2000). This prohibition extends to the

state and to persons who have obtained the information from the state. Id. at 146

(citing 18 U.S.C. § 2721(c)). However, the restricted disclosure of personal

information is subject to a number of mandatory and permissive statutory

exceptions. 5 18 U.S.C. § 2721(b)(1)-(14).

       Section 2722 defines unlawful acts as follows:

       (a) Procurement for unlawful purpose. – It shall be unlawful for any
       person knowingly to obtain or disclose personal information, from a
       motor vehicle record, for any use not permitted under section 2721(b)
       of this title.
       (b) False representation. – It shall be unlawful for any person to
       make false representation to obtain any personal information from an
       individual’s motor vehicle record.


The Driver’s Privacy Act authorizes a private right of action in federal court when

“[a] person . . . knowingly obtains, discloses or uses personal information, from a

motor vehicle record, for a purpose not permitted under this chapter” and the



      Such consent cannot be implied, but must be affirmatively obtained. Reno v.
       4

Condon, 528 U.S. 141, 144-45 (2000).
       5
        The Driver’s Privacy Act mandates certain information regarding various matters
in connection with motor vehicles shall be disclosed “to carry out the purposes of [T]itles
I and IV of the Anti-Car Theft Act of 1992, the Automobile Information Disclosure Act
(15 U.S.C. 1231 et seq.), the Clean Air Act (42 U.S.C. 7401 et seq.), and chapters 301,
305, and 321331 of [T]itle 49. . . .” 18 U.S.C. § 2721(b).



                                            -6-
information pertains to the individual bringing suit. 18 U.S.C. § 2724.

      A. 18 U.S.C. § 2722(a) & Colo. Rev. Stat § 42-1-206

      Miller maintains Image Data violated Colo. Rev. Stat. § 42-1-206 (and as a

result, the Driver’s Privacy Act) because the Colorado statute limits the sale of

personal information solely for use in preventing financial fraud. She contends

the contract between Image Data and the Secret Service regarding the True ID®

technology could and would be used for purposes beyond preventing financial

fraud, 6 and therefore, the data was procured for a purpose not permitted under the

Driver’s Privacy Act. We disagree.

      Image Data admits its True ID® technology could be utilized for any

number of purposes, including purposes beyond those raised by Miller. However,

the record indicates no reasonable factual dispute as to Image Data’s purpose in

procuring the DMV information. Image Data’s application for the pilot project

and the contractually-required reports to the Secret Service establish the

technology was used to prevent financial fraud. Even considering the potential

uses of the technology, Image Data did not violate either state or federal statute.

Colorado law provides DMV information may be sold “solely for the prevention

of fraud, including, but not limited to, use in mechanisms intended to prevent


      6
        Miller identifies purposes such as “insurance and medicaid fraud; terrorism;
underage drinking; drug crimes; government payments fraud; border-jumping . . . airlines
and [] gun control.” (Appellant Br., p. 22.)

                                          -7-
the fraudulent use of credit cards, debit cards, checks, or other forms of financial

transactions.” Colo. Rev. Stat. § 42-1-206 (emphasis added). The term “fraud”

as used in the statute is not limited by context or express definition and thus takes

on its “generic meaning that includes virtually any kind of deception or unfair

way of inducing another to surrender rights or property.” In re Attorney D., 57

P.3d 395, 402 (Colo. 2002); see also Black’s Law Dictionary (7th Ed. 1999)

(Fraud is “[a] knowing misrepresentation of the truth or concealment of a material

fact to induce another to act to his or her detriment . . . . [a] misrepresentation

made recklessly without belief in its truth to induce another person to act.”).

Image Data’s “identity verification” or “identity fraud” applications were

ultimately intended to prevent fraud, financial and otherwise, by preventing the

deceptive use of a false identity. Consequently, Image Data did not procure the

Colorado DMV information in violation of Colorado law.

      Moreover, the permissive disclosure exceptions found in 18 U.S.C.

§ 2721(b) include a broad range of purposes aimed at preventing fraud generally.

The various types of “identity-verification” or “identity-fraud” objected to by

Miller fall squarely within several of the Driver’s Privacy Act’s fourteen

permissive disclosure exceptions. Driver’s license information may be sold for

“use by any government agency . . . or any private person or entity acting on

behalf of a Federal, State, or local agency in carrying out its functions . . . .” 18


                                           -8-
U.S.C. § 2721(b)(1). The information may also be sold for use in the normal

course of business by a business, or its agents, employees or contractors to verify

the accuracy of personal information submitted by the individual to the business.

18 U.S.C. § 2721(b)(3)(A). Further, this section specifically allows “[a]n

authorized recipient of personal information [with certain exceptions not

applicable here to] resell or redisclose the information only for a use permitted

under subsection (b) . . . .” 18 U.S.C. § 2721(c).

      Because the permitted uses of DMV information are not limited to the

prevention of financial fraud, but include the present and potential applications of

Image Data’s True ID® technology, Image Data did not violate § 2272(a) or Colo.

Rev. Stat. § 42-1-206. We therefore affirm the district court’s grant of summary

judgment on this claim.

      B. 18 U.S.C. § 2722(b)

      Miller also appeals the district court’s determination that no express or

implied private cause of action exists under § 2722(b), contending one may be

implied because of the nature and purpose of the Privacy Act in protecting

individual privacy. We disagree.

      Whether “a statute creates a cause of action, either expressly or by

implication, is basically a matter of statutory construction, such that what must

ultimately be determined is whether Congress intended to create the private


                                         -9-
remedy asserted.” Southwest Air Ambulance, Inc. v. City of Las Cruces, 268 F.3d

1162, 1169 (10th Cir. 2001) (quoting Transamerica Mortgage Advisors, Inc. v.

Lewis, 444 U.S. 11, 16 (1979)). The “construction and applicability of a federal

statute is a question of law, which we review de novo." Allison v. Bank One-

Denver, 289 F.3d 1223, 1235 n.2 (10th Cir. 2002). Even assuming Miller was

harmed by a § 2722(b) violation, this “does not automatically give rise to a

private cause of action in favor of that person.” Southwest Air, 268 F.3d at 1169,

(quoting Transamerica Mortgage Advisors, 444 U.S. at 16).

      The Driver’s Protection Act separates unlawful activity into two distinct

categories. Section 2722(a) identifies securing or disclosing personal information

for an impermissible use. In contrast, § 2722(b) prohibits the use of false

representations to obtain the information. The private right of action created

under 18 U.S.C. § 2724(a) reiterates the statutory language found in § 2722(a),

but contains no similar reference to the false representation language in

§ 2722(b). Thus, the logical inference from the structure and express language of

the Driver’s Privacy Act reveals Congress’ intent to create a private right of

action under § 2722(a), but to leave the enforcement of a violation of § 2722(b) to

the United States Department of Justice.

IV.   Cross Appeal--Costs

      Image Data appeals the district court’s separate order requiring each party


                                        -10-
to pay their own fees and costs. We review an award of costs for an abuse of

discretion. Munoz v. St. Mary-Corwin Hosp., 221 F.3d 1160, 1170 (10th Cir.

2000). “[C]osts other than attorney’s fees shall be allowed as of course to the

prevailing party unless the court otherwise directs . . . .” Fed. R. Civ. P.

54(d)(2003). This rule “creates a presumption that the prevailing party shall

recover costs [and]. . . the district court must provide a valid reason for not

awarding costs to a prevailing party.” Cantrell v. International Bhd. of Elec.

Workers, AFL-CIO, Local 2021, 69 F.3d 456, 459 (10th Cir.1995). The district

court refused to award costs to Image Data, the prevailing party, without

explanation. Therefore, we have no record on which to base our review and must

remand this issue to the district court. Munoz, 221 F.3d at 1170. Consequently,

the portion of the district court’s December 6, 2002 judgment ordering each party

to pay its own fees and costs is REVERSED and REMANDED in accordance with

Munoz, supra.

V.    Conclusion

      The district court’s determination granting summary judgment in favor of

Image Data, and denying Miller’s motion for summary judgment is AFFIRMED.

The court’s denial of costs is REVERSED, and the matter is REMANDED for




                                         -11-
further proceedings consistent with this order and judgment.


                                      Entered by the Court:

                                      Terrence L. O’Brien
                                      United States Circuit Judge




                                       -12-
