Category: Privacy

November 16, 2010 Privacy

Case against iPhone eavesdropper moves forward

Caro v. Weintraub, 2010 WL 4514273 (D. Conn. November 2, 2010)

Stepson who used iPhone to record conversation about dying mother’s will may be liable for invasion of privacy and infliction of emotional distress.

This past summer the case against a man accused of using his iPhone to surreptitiously record a family conversation about his dying mother’s will got some attention when the court dismissed the stepfather-widower’s claim for violation of the Electronic Communications Privacy Act.

But the dismissal of that case was not the end of the story. Plaintiff had filed a separate lawsuit, claiming, among other things, invasion of privacy (by intrusion upon seclusion) and intentional infliction of emotional distress. Defendants (the allegedly eavesdropping iPhone user and his brother) moved to dismiss the invasion of privacy and emotional distress claims. The court denied the motion.

Plaintiff alleged that four days before his wife (defendants’ mother) died, defendants and some other family members came over to the house to discuss the mother’s will. Unbeknown to plaintiff, one of the defendant brothers allegedly used his iPhone to secretly record the conversation. In the subsequent litigation over the mother’s estate, the stepsons attempted to use an allegedly altered version of the recording as evidence.

The court found that the act of secretly recording the conversation could constitute invasion of privacy. Whether it actually happened the way plaintiff claimed will be decided later by a jury. But the judge found that a jury was entitled to make that determination. Plaintiff’s claims that defendants surreptitiously recorded an intimate conversation about a family member’s will qualified as an offensive intentional intrusion in private affairs that could be highly offensive to a reasonable person.

As for the intentional infliction of emotional distress claim, the court found that defendants’ alleged conduct “exceed[ed] all bounds usually tolerated by decent society.” As with the invasion of privacy claim, the question of liability will go to a jury (unless the case settles, of course.)

November 13, 2010 Electronic Discovery, Litigation, Privacy

Facebook account protected from disclosure in discovery, for now

McCann v. Harleysville Insurance, — N.Y.S.2d —, 2010 WL 4540599 (November 12, 2010)

Unlike some recent cases such as Romano v. Steelcase, which seem to give the impression that the information in a person’s social networking account is always fair game for discovery in litigation, one New York court has come down on the side of protecting the privacy of a Facebook user’s content.

Plaintiff was injured in an automobile accident and filed a lawsuit over her injuries. In the course of discovery, defendant sought photographs from plaintiff’s Facebook account and “an authorization” to access the account. Defendant claimed the sought-after discovery related to whether plaintiff sustained a serious injury.

After plaintiff did not respond to the discovery requests, defendant moved to compel. The trial court denied the motion, finding the discovery to be overly broad, and finding that defendant had failed to show the relevancy of the information to be discovered. Defendant sought review with the appellate court. On appeal, the court affirmed.

The court held that the discovery sought was too broad and that defendant had failed to show the relevancy of the information. It affirmed the denial of the motion as to avoid a “fishing expedition.”

But the holding is anything but reassuring from the plaintiff’s perspective. It affirmed the denial without prejudice to serving additional discovery requests. So it sounds as if defendant tailors its discovery a bit more closely, and shows how accessing plaintiff’s Facebook account will provide relevant evidence, it may see some success.

October 20, 2010 Electronic Discovery, Privacy

Stored Communications Act protects Yahoo email account from subpoena

Chasten v. Franklin, 2010 WL 4065606 (N.D.Cal. October 14, 2010)

Plaintiff sued some corrections officers at the prison where her inmate son was killed. She learned in a deposition that one of the defendants had a Yahoo email account. So she sent a subpoena to Yahoo seeking all the email messages sent from that account during a period of more than two years.

Defendant moved to quash the subpoena, arguing that disclosure of the email messages would violate his rights under the Stored Communications Act (SCA). The court granted the motion to quash.

Subject to certain specifically-enumerated exceptions, the SCA (at 18 U.S.C. 2702(a) and (b)) essentially prohibits providers of electronic communication or remote computing services to the public from knowingly divulging the contents of their customers’ electronic communications or the records relating to their customers. The court found that no such exception applied in this case. Citing to Theofel v. Farey-Jones, it held that compliance with the subpoena would be an invasion of the specific interests that the SCA seeks to protect.

October 12, 2010 Electronic Discovery, Privacy

Bipolar disorder no excuse for email hacker

Leor Exploration v. Aguiar, 2010 WL 3782195 (S.D. Fla. September 28, 2010)

Plaintiffs claimed that defendant hacked into one of the plaintiffs’ email accounts during the litigation to get an advantage in the case. The court entered severe sanctions against defendant for doing this — it struck his answer. In litigation, that is like declaring plaintiffs the winners.

Defendant had argued to the magistrate judge that his mental illness (bipolar disorder) caused him to hack plaintiff’s email account out of fear for his security. Defendant even presented expert testimony from a psychiatrist to support the claim that he lacked the mental state to act in bad faith.

In adopting the magistrate’s findings, the district judge found defendant’s psychiatric expert’s testimony unmoving. (Mainly because defendant’s lawyers limited what the expert could say.) So the court relied on other evidence that showed defendant’s bad faith intent in accessing the email. The novel theory of “not guilty of email hacking by reason of insanity” failed in this case.

October 11, 2010 Computer Crime, Privacy

Emails on laptop not protected by the Stored Communications Act

Thompson v. Ross, 2010 WL 3896533 (W.D. Pa. September 30, 2010)

Messages from Yahoo and AOL email accounts saved on laptop computer were not in “electronic storage” as defined by Stored Communications Act.

Plaintiff’s ex-girlfriend kept his laptop computer after the two of them broke up. The ex-girlfriend let two of her co-workers access some email messages stored on the computer. Plaintiff filed suit under the Stored Communications Act. Defendants moved to dismiss. The court granted the motion.

Under the Stored Communications Act (at 18 U.S.C. 2701), one is liable if he or she accesses without authorization a facility through which an electronic communication service is provided and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system.

The court held that the Stored Communications Act did not cover the email messages because they were not in “electronic storage” as defined at 18 U.S.C. 2510(17)(B). In relevant part, that section defines “electronic storage” as “any storage of such communication by an electronic communication service for purposes of backup protection of such communication.”

The court looked to the plain language of the statute, finding that the definition was not met because the messages were not stored by an electronic communication service. It rejected plaintiff’s arguments that the fact the messages were in “backup storage” extended the scope of the definition.

Enhanced by Zemanta
September 30, 2010 Computer Crime, Privacy

Divorce attorney did not conspire to violate the Electronic Communications Privacy Act

Court declines to recognize secondary liability for civil ECPA violation, holding that defendant’s divorce lawyer could not be a conspirator in a civil action alleging email interception.

Garback v. Lossing, 2010 WL 3733971 (E.D.Mich. September 20, 2010)

Plaintiff sued his ex-wife’s attorney for violation of the Electronic Communications Privacy Act. He claimed that his ex-wife, her attorney and some other defendants (including a computer forensics firm) acted together to violate the ECPA by “hacking” into plaintiff’s email account. The ex-wife allegedly used information gathered in this process to negotiate a more favorable divorce settlement.

The defendant attorney moved to dismiss for failure to state a claim upon which relief may be granted. The court granted the motion.

The court found that in plaintiff’s “inartful” pleading, he had failed to allege that the defendant attorney had actually intercepted or knowingly used information obtained in violation of the ECPA. Plaintiff argued that this failure was not fatal, however, in that he had alleged that the defendant attorney conspired to intercept emails.

Rejecting this argument, the court observed that “normally federal courts refrain from creating secondary liability that is not specified by statute.” Finding no textual support in the ECPA for such secondary liability, the court declined to read ECPA’s scope so expansively. The court found the statute as being clear on who may be liable: those who intercept communications and those who get ahold of those communications knowing they were illegally obtained. So the ECPA claim failed and plaintiff was given leave to replead.

September 27, 2010 Computer Crime, Privacy

Doctor’s wiretapping case under ECPA heads to trial

McCann v. Iroquois Memorial Hospital, No. 08-3420 (7th Cir. September 13, 2010)

Mystery of how doctor’s dictation machine got turned on to record conversation between doctor and hospital employee is a question for the jury and should not have been decided on summary judgment.

Two hospital employees — Dr. Lindberg and the director of physician services, Ms. McCann — had a conversation behind the doctor’s closed office door that the two of them thought was private. In their conversation, the two of them criticized hospital administration. But they did not know that the doctor’s dictation machine was recording what they said.

Dictaphone was cylinder dictation machine from...
Image via Wikipedia

How that machine got turned on is a mystery. Dr. Lindberg had been dictating radiology reports a few minutes before Ms. McCann arrived, so he may have accidentally left the machine running. But the recording of the conversation started in mid-sentence, which discredits that theory.

A member of the hospital’s transcription staff, Ms. Freed, is alleged to have come into the room during this conversation to pick up some papers, and Dr. Lindberg and Ms. McCann believe she surreptitiously turned on the machine. That would seem a plausible explanation, given that Ms. Freed supposedly had an axe to grind with Dr. Lindberg.

The recorded conversation made its way to the transcription staff, and after it was typed out, Ms. Freed forwarded it to the hospital’s CEO. Dr. Lindberg and Ms. McCann filed suit against Ms. Freed and others under the Electronic Communications Privacy Act. They claimed that by secretly turning on the dictation machine and forwarding the transcript, Ms. Freed violated the statute.

The district court granted the defendants’ motion for summary judgment. Plaintiffs sought review with the Seventh Circuit. On appeal, the court reversed in part, finding there was a genuine issue of material fact as to whether Ms. Freed was in the room and secretly turned on the dictation machine.

The court of appeals held that whether Ms. Freed was in the office on the date the recording was made was merely the subject of a “swearing contest,” and that summary judgment is not appropriate to resolve such a contest. The lower court had based its grant of summary judgment largely on the contents of the recording. At the end of the conversation, one can hear the office door close as Ms. McCann leaves. But one cannot hear the door shut with Ms. Freed would have left, during the conversation and after she allegedly turned on the dictation machine.

Viewing the facts in the light most favorable to the plaintiffs, the court found that the absence of such a sound did not prove that Ms. Freed was not there: “[N]othing in the record tells us whether the door could have been closed silently; . . . [Ms.] Freed who was conscious that she was intruding (and, perhaps, that she was being taped) may have closed the door softly to be inconspicuous.”

So the court found that whether Ms. Freed was responsible for making the recording — and by extension whether Ms. Freed intentionally intercepted the conversation between Dr. Lindberg and Ms. McCann in violation of the ECPA — was an issue for the jury, and not one for summary judgment.

September 25, 2010 Privacy

Court: privacy on social networking sites is wishful thinking

Defendant is permitted access to plaintiff’s social networking accounts as part of discovery in personal injury case.

Romano v. Steelcase Inc., — N.Y.S.2d —, 2010 WL 3703242 (N.Y.Sup. September 21, 2010)

Plaintiff sued defendant for personal injury that allegedly caused her to lose her enjoyment of life. During discovery, plaintiff refused to voluntarily turn over the contents of her Myspace and Facebook accounts. So defendant filed a motion to compel plaintiff to consent to having Facebook and MySpace turn over all current and deleted content from the accounts. (That consent was necessary because without it, the sites would violate the Stored Communications Act.) The court granted the motion to compel.

The court found that the information contained in the profiles was “material and necessary” to the case. In drawing its conclusion, the court dispensed with any notion that a user’s privacy settings should affect the analysis. Denying defendant access to the information, the court found, would not only go against New York’s policy favoring liberal discovery, but “would condone Plaintiff’s attempt to hide relevant information behind self-regulated privacy settings.” Plaintiff had put her physical condition at issue, so it was fair for defendant to get evidence that may contradict the assertions of injury.

The court rejected plaintiff’s argument that disclosure of the information would violate her right to privacy under the Fourth Amendment. Fatal to any assertion of privacy was the fact that plaintiff had voluntarily made her information available on the sites. The court looked to earlier New York cases dealing with email to find that plaintiff had no expectation of privacy in the social networking data.

And the court made a sweeping declaration about the state of online privacy that is worth noting. Quoting from a law review article, the court observed that in the social media environment, “privacy is no longer grounded in reasonable expectations, but rather in some theoretical protocol better known as wishful thinking.”

September 23, 2010 Computer Crime, Privacy

Lack of knowledge of interception causes ECPA claims against website owners to fail

Zinna v. Cook, No. 06-1733, 2010 WL 3604386 (D. Colo. September 7, 2010)

Plaintiff sued for violation of the Electronic Communications Privacy Act (ECPA) claiming that defendants intercepted his email messages and posted them to a website called ColoradoWackoExposed.com. Defendants moved for summary judgment. The court granted the motion.

It found that although similarities between messages and website content suggested that emails had been intercepted, there was no evidence showing the interception was “contemporaneous” with the messages’ transmission. (Several federal circuits require such contemporaneity. But see the Seventh Circuit’s recent opinion in U.S. v. Szymuszkiewicz for a different take.)

The court also held there was insufficient evidence to show that defendants knew the information posted on the website came about via any unlawful interception. The plaintiff’s assertions that defendants had worked with a non-party wiretapper failed to convince the court of this knowledge.

September 16, 2010 Computer Crime, Privacy

Setting up Outlook rule to intercept another’s email can be a federal crime

U.S. v. Szymuszkiewicz, — F.3d —, 2010 WL 3503506 (7th Cir. September 9, 2010)

Seventh Circuit upholds conviction of employee who secretly intercepted his boss’s email.

A federal jury convicted the defendant, who was an IRS revenue officer, of violating the Wiretap Act (or the Electronic Communications Privacy Act, as some like to call it — 18 USC 2511(1)(a). He had snuck onto his boss’s computer and set a rule in Microsoft Outlook to autoforward copies of all incoming email to his own account.

The defendant sought review of his conviction with the Seventh Circuit. On appeal, the court affirmed. Judge Easterbrook’s opinion is interesting reading. It is a nice accompaniment to the 2005 decision from the First Circuit in U.S. v. Councilman.

The court rejected the defendant’s argument that the Wiretap Act required that the “interception” of the email be “contemporaneous” with its transmission: “[d]ecisions articulating such a requirement are thinking football rather than the terms of the statute.” (Such decisions would include Fraser v. Nationwide Mutual (3d Cir.), Steve Jackson Games v. Secret Service (5th Cir.), Konop v. Hawaiian Airlines (9th Cir.) and United States v. Steiger (11th Cir).

In any event, the court found that the defendant’s interception of the messages in this case was “contemporaneous by any standard.” The evidence showed that the Outlook rules, though set within the email client, operated on the server. A message to the boss would go to an email server in Kansas City, and then be “flung across the network” as packets making up two copies, one for the boss and one for the defendant. It was this copying on the server that was the unlawful interception.

If you’re at all interested in this case and the Wiretap Act, then you must check out Orin Kerr’s post at the Volokh Conspiracy, especially the comments to that post. Very erudite discussion.

Scroll to top