Facebook account protected from disclosure in discovery, for now

McCann v. Harleysville Insurance, — N.Y.S.2d —, 2010 WL 4540599 (November 12, 2010)

Unlike some recent cases such as Romano v. Steelcase, which seem to give the impression that the information in a person’s social networking account is always fair game for discovery in litigation, one New York court has come down on the side of protecting the privacy of a Facebook user’s content.

Plaintiff was injured in an automobile accident and filed a lawsuit over her injuries. In the course of discovery, defendant sought photographs from plaintiff’s Facebook account and “an authorization” to access the account. Defendant claimed the sought-after discovery related to whether plaintiff sustained a serious injury.

After plaintiff did not respond to the discovery requests, defendant moved to compel. The trial court denied the motion, finding the discovery to be overly broad, and finding that defendant had failed to show the relevancy of the information to be discovered. Defendant sought review with the appellate court. On appeal, the court affirmed.

The court held that the discovery sought was too broad and that defendant had failed to show the relevancy of the information. It affirmed the denial of the motion as to avoid a “fishing expedition.”

But the holding is anything but reassuring from the plaintiff’s perspective. It affirmed the denial without prejudice to serving additional discovery requests. So it sounds as if defendant tailors its discovery a bit more closely, and shows how accessing plaintiff’s Facebook account will provide relevant evidence, it may see some success.

Stored Communications Act protects Yahoo email account from subpoena

Chasten v. Franklin, 2010 WL 4065606 (N.D.Cal. October 14, 2010)

Plaintiff sued some corrections officers at the prison where her inmate son was killed. She learned in a deposition that one of the defendants had a Yahoo email account. So she sent a subpoena to Yahoo seeking all the email messages sent from that account during a period of more than two years.

Defendant moved to quash the subpoena, arguing that disclosure of the email messages would violate his rights under the Stored Communications Act (SCA). The court granted the motion to quash.

Subject to certain specifically-enumerated exceptions, the SCA (at 18 U.S.C. 2702(a) and (b)) essentially prohibits providers of electronic communication or remote computing services to the public from knowingly divulging the contents of their customers’ electronic communications or the records relating to their customers. The court found that no such exception applied in this case. Citing to Theofel v. Farey-Jones, it held that compliance with the subpoena would be an invasion of the specific interests that the SCA seeks to protect.

Bipolar disorder no excuse for email hacker

Leor Exploration v. Aguiar, 2010 WL 3782195 (S.D. Fla. September 28, 2010)

Plaintiffs claimed that defendant hacked into one of the plaintiffs’ email accounts during the litigation to get an advantage in the case. The court entered severe sanctions against defendant for doing this — it struck his answer. In litigation, that is like declaring plaintiffs the winners.

Defendant had argued to the magistrate judge that his mental illness (bipolar disorder) caused him to hack plaintiff’s email account out of fear for his security. Defendant even presented expert testimony from a psychiatrist to support the claim that he lacked the mental state to act in bad faith.

In adopting the magistrate’s findings, the district judge found defendant’s psychiatric expert’s testimony unmoving. (Mainly because defendant’s lawyers limited what the expert could say.) So the court relied on other evidence that showed defendant’s bad faith intent in accessing the email. The novel theory of “not guilty of email hacking by reason of insanity” failed in this case.

Illinois court sets standard for unmasking anonymous commenters

Maxon v. Ottawa Pub. Co., — N.E.2d —, 2010 WL 2245065 (Ill.App. 3 Dist. June 1, 2010)

The rules of civil procedure in Illinois permit an aggrieved party to file a petition with the court asking for an order requiring unknown potential defendants to be identified. This is called a Rule 224 petition.

A couple from Ottawa, Illinois got their feelings hurt over some anonymous comments left in response to content published by the local newspaper on its website. Wanting to sue for defamation, the couple filed a Rule 224 petition. The newspaper opposed the petition. (For something similar, see Enterline v. Pocono Medical Center.)

The trial court denied the petition, applying the standards articulated in Dendrite v. Doe and Doe v. Cahill, finding that the petitioners had not presented a strong enough case for defamation to justify the unmasking of the anonymous commenters. Those cases require, among other things, that a party seeking to identify an anonymous speaker make efforts to notify the anonymous party, and present enough evidence to establish a prima facie case of defamation (Dendrite) or survive a hypothetical motion for summary judgment (Cahill).

The aggrieved couple sought review with the Appellate Court of Illinois. Reviewing the decision to deny the Rule 224 petition de novo, the court reversed and remanded, ordering the identification of the anonymous speakers to be made.

In reaching its decision, the court rejected the newspaper’s (and amicis’) arguments that the trial court should apply the rigorous standards of Dendrite and Cahill. That’s not to say, however, that the court left anonymous speakers at great risk of having their First Amendment rights trampled upon.

The court held that the mechanics of Rule 224 adequately protect the potential First Amendment rights of anonymous internet speakers. Here’s why, according to the court:

  • The petition must be verified – the threat of the pain of perjury should keep out half-hearted claims.
  • The petition must state the reason discovery is necessary.
  • The discovery is limited only to learning the identity of the potential defendant.
  • Most importantly, before the discovery will be permitted, the court must hold a hearing and determine the petition sufficiently states a cause of action.

In this fourth step, the court is to apply the standard it would apply in a Section 2-615 motion. Such a motion is, essentially, the Illinois version of a motion to dismiss for failure to state a claim. That is no insignificant test, because unlike federal court and other state jurisdictions, Illinois requires fact pleading. That means the petition needs to include a significant amount of specific information to survive the motion to dismiss.

A troubling aspect of the ruling is the omission from the test of a requirement that the party seeking discovery attempt to notify the anonymous target of the inquisition. The appellate court held that a trial court may, in its discretion, impose such a requirement.

But it would be nice to know that the real party whose First Amendment interests are at stake (the anonymous speaker) is guaranteed a fair opportunity to argue from his or her perspective. After all, it’s that party with the real incentive to do so. Let’s hope the trial courts exercise that discretion wisely (and that they know in the first place that they have that discretion).

Photo courtesy Flickr user TheTruthAbout… under this Creative Commons license.

Court refuses to keep train wreck video confidential

Maldonado v. UPRR, No. 09-1187, 2010 WL 1980318 (D.Kan. May 18, 2010)

Even the fear of social media won’t keep some things under wraps.

The video camera onboard a locomotive captured the moments before the train struck a car at a railroad crossing, killing one of the occupants. In the inevitable lawsuit against the railroad following the accident, the plaintiffs’ lawyers demanded that the video of the accident be produced in discovery.

The railroad objected to the production of the video absent a court order keeping it confidential, arguing that the presence of services like YouTube would permit the video to be widely distributed to the public. To keep the video from serving as “entertainment for gawkers looking to satisfy their morbid curiosity,” the railroad wanted only the parties, lawyers, staff and experts to be able to see the video.

The court rejected the arguments and found that nothing in the video depicted gruesome images of death or injury. It denied the railroad’s motion for protective order. So if you’re into this kind of content, keep an eye on YouTube. Though from what I gather from the court’s description of this video, there’s plenty of gorier stuff out there.

Reblog this post [with Zemanta]

Emails sent through Yahoo account using work computer protected under attorney-client privilege

The New Jersey supreme court has held that emails an employee sent to her lawyer using her company-issued computer and a personal Yahoo account are protected by the attorney-client privilege.

Stengart v. Loving Care Agency, Inc., — A.2d —, 2010 WL 1189458 (N.J. March 30, 2010)

The New Jersey courts have a reputation of being protective of “informational privacy.” See, e.g., State v. Reid. A recent decision concerning employee privacy in personal emails adds to that reputation.

Plaintiff-employee used a work-issued laptop to access her Yahoo email account, through which she communicated with her lawyer about her lawsuit against the employer. During the discovery phase of that employment discrimination lawsuit, the employer used computer forensics to recover those Yahoo emails that had been copied to the computer’s temporary internet files folder.

Counsel for plaintiff demanded that the employer turn over the recovered emails, arguing that the communications were protected by the attorney-client privilege. When the employer agreed to turn them over but not discontinue use of the information garnered from them, plaintiff sought relief from the court.

The trial court denied relief and plaintiff sought review with the appellate court. That court reversed, and the employer sought review with the state’s supreme court. The supreme court upheld the appellate court’s decision, holding that the employee had a reasonable expectation of privacy in the communications.

The employer relied on a broadly-written company policy through which the employer reserved the right to review and access “all matters on the company’s media systems and services at any time.” But the court rejected those arguments.

Framework for the analysis

The supreme court considered two aspects in its analysis: (1) the adequacy of the notice provided by the company policy, and (2) the important public policy concerns raised by the attorney-client privilege.

As for the adequacy of the notice provided by the policy, the court found that because the policy did not address the use of password-protected personal email accounts, the policy was “not entirely clear.” As for the importance of the attorney-client privilege, the court lavished it with almost-sacred verbal accoutrements, calling it a “venerable privilege . . . enshrined in history and practice.”

“Intrusion upon seclusion” as source for standard

The court noted that the analysis for a reasonable expectation of privacy in dealings between two private parties was a bit different than the analysis in a Fourth Amendment case. The common law source for the standard in this context is with the tort of “intrusion upon seclusion.” Under New Jersey law, that tort is committed when one intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, in a manner that would be highly offensive to a reasonable person. (This language comes from the Restatement (Second) of Torts § 652B.)

In this situation, the court found that plaintiff had both a subjective and objective expectation that the messages would be private. Supporting her subjective belief was the fact that she used a private email account that was password protected, instead of her work email account. And she did not store her password on the computer. Her belief was objectively reasonable given the absence of any discussion about private email accounts in the company policy.

Plaintiff’s expectation of privacy was also bolstered by the fact that the email messages were not illegal, nor would they impact the performance of the employer’s computer system. And they bore all the “hallmarks” of attorney-client communications.

For all these reasons, not the least of which the priority of the courts “to keep private the very type of conversations that took place here,” the court found that the conversations were protected by the attorney-client privilege.

Expedited electronic discovery includes subpoena to ISP and imaging of defendants’ hard drives

Allcare Dental Management, LLC v. Zrinyi, No. 08-407, 2008 WL 4649131 (D. Idaho October 20, 2008)

Plaintiffs filed a defamation lawsuit against some known defendants as well as some anonymous John Doe defendants in federal court over statements posted to Complaintsboard.com. The plaintiffs did not know the names or contact information of the Doe defendants, so they needed to get that information from the Does’ Internet service provider.  But the ISP would not turn that information over without a subpoena because of the restrictions of the Cable Communications Policy Act, 47 U.S.C. § 501 et seq. [More on the CCPA.]

Under Federal Rule of Civil Procedure 26(d)(1), a party generally may not seek discovery in a case until the parties have had a Rule 26(f) conference to discuss such things as discovery. Because of the Rule 26(d)(1) requirement, the plaintiffs found themselves in a catch-22 of sorts: how could they know with whom to have the Rule 26(f) conference if they did not know the defendants’ identity.

So the plaintiffs’ filed a motion with the court to allow a subpoena to issue to the ISP prior to the Rule 26(f) conference. Finding that there was good cause for the expedited discovery, the court granted the motion. It found that the subpoena was needed to ascertain the identities of the unknown defendants. [More on Doe subpoenas.] Furthermore, it was important to act sooner than later, because ISPs retain data for only a limited time.

The Plaintiffs also contended that that the known defendants would likely delete relevant information from their computer hard drives before the parties could engage in the ordinary process of discovery. So the plaintiffs’ motion also sought an order requiring the known defendants to turn over their computers to have their hard drives copied.

The court granted this part of the motion as well, ordering the known defendants to turn their computers over to the plaintiffs’ retained forensics professional immediately. The forensics professional was to make the copies of the hard drives and place those copies with the court clerk, not to be accessed or reviewed until stipulation of the parties or further order from the court.

Subpoena to university in P2P case must give time to notify parents

UMG Recordings, Inc. v. Doe, No. 08-3999, 2008 WL 4104207 (N.D.Cal. September 4, 2008)

Plaintiff record companies, using Media Sentry, found the IP address of a John Doe file-sharing defendant, and filed suit against Doe in federal court for copyright infringement. As in any case where a defendant is known only by his or her IP address, the record companies needed some discovery to ascertain the name and physical address matching that IP address. But the federal rules of procedure say that without a court order, a party cannot seek discovery until the parties have conferred pursuant to Fed. R. Civ. P. 26(f).

So the record companies sought the court order allowing them to issue a subpoena to Doe’s Internet service provider prior to the 26(f) conference. The court granted the order, but with a caveat.

The evidence showed that Doe was a student at the University of California, Santa Cruz. Under the Family Educational Rights and Privacy Act at 20 U.S.C. § 1232g, a college generally cannot disclose “any personally identifiable information in education records other than directory information.” There’s an exception to that rule when the college is answering a lawfully issued subpoena, provided that “parents and the students are notified of all such … subpoenas in advance of the compliance therewith by the educational institution or agency.”

The court granted the record companies’ motion for leave to serve the subpoena prior to the Rule 26(f) conference, but required that the subpoena’s return date “be reasonably calculated to permit the University to notify John Doe and John Doe’s parents if it chooses prior to responding to the subpoena.”

No spoliation sanctions for deletion of email where CD copies had been made

Bakhtiari v. Lutz, — F.3d —-, 2007 WL 3377215 (8th Cir. November 15, 2007)

Not too many e-discovery (or any type of discovery) disputes get to the federal courts of appeal. But we have a recent decision from the Eighth Circuit that addressed the topic of “spoliation” when emails had been deleted.

A party in litigation is guilty of spoliation when the court finds that he or she “intentionally destroyed evidence with a desire to suppress the truth.” Greyhound Lines, Inc. v. Wade, 485 F.3d 1032, 1035 (8th Cir. 2007). Plaintiff Bakhtiari filed suit against the University of Missouri-Rolla and a number of administrators there, alleging Title VII and civil rights violations. He had been terminated from his position as a teaching assistant in the chemistry department.

Soon after Bakhtiari was terminated, but before he filed suit, the university’s IT staff backed up the contents of his email account onto two CDs. The university then allowed the messages to be deleted as part of “automated systems maintenance.” It turned over a copy of the CDs to Bakhtiari, but he claimed that large portions of data were missing.

At the trial court level, Bakhtiari claimed that the university should be sanctioned for spoliation for deleting the email messages from the server. The court denied this motion, however, and Bakhtiari sought review with the Eighth Circuit. On appeal, the court affirmed the denial of the motion.

The appellate court held that the lower court did not abuse its discretion in finding that the IT staff had taken appropriate steps to backup the data, and that Bakhtiari may himself have been responsible for the missing portions. Moreover, there was credible evidence that third parties had access to the account before the backups were made, and that Bakhtiari had asked that portions be deleted. Bakhtiari had failed to demonstrate, the court held, that the university acted with a “desire to suppress the truth.”

Scroll to top