Nebraska, Where Proportionality is Alive and Well in Discovery

One lesson from United States v. Univ. of Neb. at Kearney is that maybe you should take depositions of key parties and use interrogatories to find out relevant information to your case before asking for over 40,000 records that contain the personal information of third parties unrelated to a lawsuit.

The case is a Fair Housing Act suit involving claims that students were prohibited or hindered from having “emotional assistance animals in university housing when such animals were needed to accommodate the requesting students’ mental disabilities.” United States v. Univ. of Neb. at Kearney, 2014 U.S. Dist. LEXIS 118073, 2 (D. Neb. Aug. 25, 2014).

A protracted battle over the scope of discovery broke out between the parties. The Defendants argued the search, retrieval, and review for responsive discovery was too expansive and would have been unduly burdensome. Kearney, at *5-6. As the Government’s search requests included “document* w/25 policy,” you can see the Defendants’ point about search terms producing broad hits. Kearney, at *20.

The Government’s revised search terms would have 51,131 record hits, which would have cost $155,574 for the Defendants to retrieve, review, and produce the responsive ESI. Kearney, at *5-6. This would have been on top of the $122,006 already spent for processing the Government’s requests for production. Kearney, at *7.

The Court noted that the Government’s search terms would have required production of ESI for every person with a disability, whether they were students or contractors. Kearney, at *6-7. The Government argued the information was necessary, and justified, in order to show discriminatory intent by the Defendants. Id.

The Defendants wanted the scope of the discovery requests narrowed to the “housing” or “residential” content, which would have resulted in 10,997 responsive records. Kearney, at *7.

The Government did not want to limit the scope of discovery and recommended producing all the ESI subject to a clawback agreement [notice not a protective order] for the Government to search the ESI. The Defendants argued such an agreement would violate the Family Educational Rights and Privacy Act by disclosing students’ personally identifiable information without their notice and consent. Kearney, at *8.

Motion practice followed with the Defendants requesting cost shifting to the Government for conducting searches, the use of predictive coding software, and review hosting fees. Kearney, at *8-9.

The Court ordered the parties to answer specific discovery questions, which the Government did not answer, on “information comparing the cost of its proposed document retrieval method and amount at issue in the case, any cost/benefit analysis of the discovery methods proposed, or a statement of who should bear those costs.” Kearney, at *9.

The Court was not keen on the Government outright searching the personal data of others unrelated to the case. As the Court stated:

The public and the university’s student population may be understandably reluctant to request accommodations or voice their concerns about disparate or discriminatory treatment if, by doing so, their private files can be scoured through by the federal government for a wholly unrelated case. The government’s reach cannot extend that far under the auspices of civil discovery; at least not without first affording all nonparties impacted with an opportunity to consent or object to disclosure of information from or related to their files.

Kearney, at *18-19.

The Court stated it would not order the production of over 51,000 files with a clawback order. Moreover, the cost to review all of the ESI exceeded the value of the request. Kearney, at *19.

The Court did not accept the Government’s claim that it needed to conduct an expansive search. Kearney, at *19-20. The Court stated the following on the fundamentals of civil discovery:

Searching for ESI is only one discovery tool. It should not be deemed a replacement for interrogatories, production requests, requests for admissions and depositions, and it should not be ordered solely as a method to confirm the opposing party’s discovery is complete. For example, the government proposes search terms such as “document* w/25 policy.” The broadly used words “document” and “policy” will no doubt retrieve documents the government wants to see, along with thousands of documents that have no bearing on this case. And to what end? Through other discovery means, the government has already received copies of UNK’s policies for the claims at issue.

Kearney, at *20.

The Court further stated that “absent any evidence that the defendants hid or destroyed discovery and cannot be trusted to comply with written discovery requests, the court is convinced ESI is neither the only nor the best and most economical discovery method for, and depositions should suffice—and with far less cost and delay.” Kearney, at *21.

Bow Tie Thoughts

This case has significant privacy interests, but at its core the issue is one of proportionality. What was the cost of discovery and its benefit? In the end, the cost of expansive search terms that impacted the rights of third parties outweighed the benefit of the discovery to the case.

The fact we have amazing search technology that can search electronic information does not mean we can forget how to litigate. The use of “search terms” cannot swallow the actual claims of a case.

It is heartening to see a Court say no to the data of unrelated third parties being enveloped into a discovery production. While there are many ways to show discrimination, requesting the electronically stored information, protected by Federal and most likely state law, of third parties should give any Court pause.

The use of predictive coding to focus the scope of discovery, or visual analytics to identify relevant information, or clustering to organize similar information is fantastic technology to expedite review. However, the fact that technology exists still means lawyers have to use requests for admissions, interrogatories, and have requests narrowly tailored for responsive ESI.

 

Clicking “Deny” on Transferring Venue Based on an Online Forum Selection Clause

The Defendant in Dunstan v. Comscore, Inc., was a company that offered “free” screen savers and games that monitor a user’s Internet usage, which is then sold for marketing research or analysis of online behavior.

After being sued for purportedly improperly obtaining personal information in violation of the Stored Communication Act, along with other allegations, the Defendant moved to dismiss the lawsuit or transfer it from the Northern District of Illinois to the Eastern District of Virginia.  Dunstan v. Comscore, Inc., 2011 U.S. Dist. LEXIS 115988 (N.D. Ill. Oct. 7, 2011).

As with virtually all software downloads, before anyone can install the Defendant’s products, a user must click that they have read the “terms and conditions of the Privacy Statement and User License Agreement” and agree to the Defendant’s forum-selection clause.  Dunstan, at *2-3.

Case law requires a plaintiff to show the venue it selected is proper.  Dunstan, at *3.

A party challenging a forum-selection clause must demonstrate the enforcement of the clause is unreasonable under the circumstances.  Dunstan, at *3-4.

“Reasonableness” includes whether the forum-selection clause “was reasonably communicated to the plaintiff.” Dunstan, at *4.

 

The Plaintiff successfully argued the Defendant’s forum-selection clause, specifically the terms of service hyperlink, was obscured so that the average user could not find it.  Dunstan, at *4.

As the Court explained, “it is not reasonable to expect a user casually downloading free software to search for such an agreement if it is not immediately available and obvious where to obtain it.”  Dunstan, at *7.

As the Court stated in its holding:

As the Second Circuit noted, “[w]hen products are ‘free’ and users are invited to download them in the absence of reasonably conspicuous notice that they are about to bind themselves to contract terms, the transactional circumstances cannot be fully analogized to those in the paper world of arm’s-length bargaining.” Specht v. Netscape Commc’ns Corp., 306 F.3d 17 at 32 (2d Cir. 2002). Consequently, under the circumstances alleged here, including that the location of the license agreement was not readily apparent, the court concludes that the forum-selection clause was not reasonably communicated to the plaintiffs Harris and Dunstan.

Dunstan, at *7. 

The Court both denied the motion to dismiss and the alternate motion to transfer.

Bow Tie Thoughts

I have thought about the reasonableness of online forum-selection clauses since first reading Carnival Cruise in law school.  The effectiveness of online forum selection clauses is imperative for businesses conducting online sales to have the predictability of where they can be subject to litigation. The prospect of an online company being subject to global general jurisdiction is simply acidic to e-commerce.  However, as with so many other standards in the law, reasonableness is key on whether a forum-selection clause is valid.

Dueling Definitions of “Interception” in Wiretap Violations

A Plaintiff sued her former employer alleging violations of the Federal Wiretap Act, the Indiana Wiretap Act and the Stored Communication Act. The facts at issue involved the Plaintiff’s email and banking passwords being recorded by keylogger software on a company computer, allowing the Defendants to access the Plaintiff’s email and banking information. Rene v. G.F. Fishers, Inc., 2011 U.S. Dist. LEXIS 105202 (S.D. Ind. Sept. 16, 2011).

The Defendants brought a motion to dismiss, which was granted on the Federal Wiretap cause of action, but denied on the state and Stored Communication Act causes of action. Rene, at *18.

Federal Wiretap Act

The Federal Wiretap Act makes it a crime to intercept electronic communication and also allows for civil damages for an interception. Rene, at *5.

The Federal Wiretap Act defines “intercept” as “the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.” Rene, at *5, citing 18 U.S.C. § 2510(4). The interception must occur “contemporaneously with the communication.” Id.

The Court held that the capturing of keystrokes was not enough for a violation of the Federal Wiretap Act. Rene, at *5. Specifically, keystrokes are not an “electronic communication” under the statute, because the transmission occurs internally within a computer and does not affect interstate commerce. Rene, at *6-7. As such, the cause of action failed.

The state wiretap act was a different story.

Indiana Wiretap Act

The Indiana Wiretap Act creates a cause of action when anyone’s “communications are intercepted, disclosed, or used in violation of this article.” Rene, at *10.

Furthermore, the state wiretap act defined “interception” as “the intentional recording or acquisition of the contents of an electronic communication by a person other than a sender or receiver of that communication, without the consent of the sender or receiver, by means of any instrument, device, or equipment under this article.” Rene, at *10, Ind. Code 35-33.5-1-5.

As the Court noted, “[T]hese definitions are hardly identical.” Rene, at *11.

Moreover, the Indiana statute did not require the communication be transmitted on a system affecting interstate commerce. Rene, at *11.

As the Court explained:

Yet a critical phrase is absent from the IWA — while the FWA requires that a communication be transmitted by a system “affecting interstate or foreign commerce,” the IWA does not include this restriction. This Court’s holding that Rene’s FWA claim fails turns on this important phrase. Absent this phrase, the transmitting system at issue — the cord between keyboard and computer — may satisfy the system requirements for an “electronic communication” under the FWA. Likewise, the system at issue may satisfy the requirements for “electronic communication” under the IWA. Thus, even if the federal requirement of “contemporaneous interception” is grafted on to the statute, the clear absence of this phrase would change the applicable standard for an “interception” under the IWA. While the FWA requires that the interception occur contemporaneously with transmission by a system affecting interstate commerce, the IWA appears to merely require that the interception occur contemporaneously with transmission by a system. For this reason, even if, as the Defendants’ claim, interpretation of the IWA follows federal case law as far as the text allows, Rene’s IWA claim survives.

Rene, at *11-12.

Stored Communications Act

The Defendants claimed the Stored Communication Act cause of action for accessing the Plaintiff’s email failed, because the email messages accessed were not in “electronic storage.” Rene, at *13.

The Stored Communications Act (“SCA”) prohibits “intentionally accessing without authorization a facility through which an electronic communication service is provided,” and accessing an “electronic communication while it is in electronic storage.” Rene, at *13, citing 18 U.S.C. § 2701(a).

“Electronic storage” is defined as “any temporary, intermediate storage of a[n] . . . electronic communication incidental to the electronic transmission thereof,” and “any storage of such communication by an electronic communication service for purposes of backup protection of such communication.” Rene, at *13, citing 18 USC § 2510(17)(A) and 18 USC § 2510(17)(B).

The Defendants argued that regardless of whether email messages were opened or not, the messages were not in “electronic storage.” Rene, at *13-14.

The Court avoided wading too deep into the issue of whether open email messages are in “electronic storage.” The Court stated that “at a minimum email messages that have reached the addressee’s inbox, but which have yet to be opened by the addressee, are in ‘temporary, intermediate storage.’” Rene, at *14-15. The Court specifically found:

Insofar as an email message waiting to be downloaded had yet to travel the channel between server and local computer, it remained in temporary, intermediate storage incident to transmission. Similarly, inasmuch as an email waiting in an inbox has yet to be accessed by the addressee, even though it may be kept after viewing only on the regional server, it too has yet to travel to its ultimate destination.

Rene, at *16.

The Court found the Plaintiff had alleged enough for her SCA claim to survive with her claims the Defendants had made unauthorized access to her email. Rene, at *17-18.

Bow Tie Thoughts

Privacy, and personal communications being disclosed, is an ever-growing battleground in Court. The fact two different definitions of “interception” can result in one cause of action surviving where another fails is telling of the complexity of these cases.

The 25-year-old Stored Communication Act excels at causing lawyers and judges to engage in Cirque du Soleil style mental acrobatics. The issue of whether or not “electronic storage” includes open webmail messages results in courts analyzing 21st Century email technology under a statute passed in 1986. These issues will continue to be litigated and Congress may ultimately update the Stored Communication Act to reflect the advances in technology.

Location Privacy Protection Act

Guest Article By Sonya Ziaja.

Ms. Ziaja is a regular contributor to Legal Match’s Law Blog and to Shark. Laser. Blawg.

Senator Al Franken proposed a consumer privacy geolocation bill (the Location Privacy Protection Act) earlier this term.

Unlike the bipartisan GPS Act, the bill does not attempt to grapple with the Fourth Amendment question of whether law enforcement should be required to obtain a warrant before surreptitiously tracking citizens.

Rather, Franken’s bill concentrates on curbing the ability of corporations, non-government entities, and private individuals to collect and use information about where you are—or where you’ve been.

The Location Privacy Protection Act seeks to protect consumer privacy by making it presumptively illegal for non-government entities to collect your geolocation information. There are, of course, exceptions to this proposed rule. The first exception is consent. Individuals could “opt-in” to being tracked. The other main exception is for safety in emergency situations.

In order to enforce the protections in the bill, the Location Privacy Protection Act creates a private right to civil action. Individuals and State Attorneys General could sue entities that violate the act for equitable relief as well as for statutory damages. In order to bring a suit, potential damages would have to be beyond a $2,500 threshold—in other words, the minimum amount to get out of small claims court. Successful plaintiffs would also be eligible for punitive damages and other equitable damages that the court finds appropriate.

The statute of limitations in the Location Privacy Protection Act is modest. It is two years from the time the victim actually learned that the violation had taken place. This limitation is fair in that it serves to protect corporations from unanticipated lawsuits, and at the same time gives plaintiffs a fighting chance to pursue a claim. It is also notably different from the statute of limitations in the GPS Act, which sets the two-year clock running from the time the victim could have reasonably known that the violation had taken place.

In total, the bill appears to be a fair attempt to protect consumer privacy and bring some certainty to how geolocation information can be used throughout the country.

Currently, consumer geolocation information is governed by the privacy policies of companies and a patchwork of various state laws. There are also a few state court cases which are beginning to define the parameters of consumer geolocation privacy with regard to other private individuals and entities (as opposed to law enforcement). This year, for example, the California Supreme Court broadly interpreted the California Credit Card Act to prohibit companies from collecting and compiling ZIP code information from customers. (Pineda v. Williams-Sonoma, S178241 (Cal. Supreme Court; Feb. 10, 2011)). The court decision leaves open the possibility that the California Credit Card Act might also protect other information used to identify individuals, like geolocation data.

How to Exclude an Expert Who Says There is No Expectation of Online Privacy

A Plaintiff successfully excluded the Defendant’s testifying expert whose opinion was that “no one, including Plaintiffs, has a reasonable expectation of privacy in Internet communications.”  Clements-Jeffrey v. City of Springfield, 2011 U.S. Dist. LEXIS 81898, 2-3; 10 (S.D. Ohio July 27, 2011).

The case involved the theft of a laptop.  The “contextual expert” was going to offer the following opinions:

1. It is not reasonable to believe that electronic communication is private online.

2. Only the original owner of a computer can have meaningful knowledge of security protection it contains. Any subsequent user of a laptop cannot assume automatic protection of any kind.

3. Computer, laptop, and electronic equipment theft is a serious social and  criminological problem for organizations, businesses and individuals that requires reasonable remote and location-specific security solutions.

4. When a company activates system operation software capture for security reasons, the representatives of the company/employees cannot predict the nature of the material that will be accessed.

5. Security and theft protection tools are necessary and proper tools to combat computer theft.

Clements-Jeffrey, at *2-3.

The Court held the Defense Expert’s opinion was “absolutely irrelevant,” because the issue of whether the Plaintiffs had a reasonable expectation of privacy in their Internet communications was a question of law.  Clements-Jeffrey, at *6.

The Court further noted that the expert’s “opinion” was also contrary to case law.  Id.

The Court quickly recounted well-established precedent by multiple courts recognizing individuals having an objective reasonable expectation of privacy in their computers.  Clements-Jeffrey, at *7.

Moreover, case law has held that password-protected personal computers have an even greater privacy protection.  Id.

The Court further cited a Sixth Circuit case involving electronic communications holding that “a subscriber enjoys a reasonable expectation of privacy in the contents of emails ‘that are stored with, or sent or received through, a commercial [Internet service provider].'” Clements-Jeffrey, at *8, citing United States v. Warshak, 631 F.3d 266, 288 (6th Cir. 2010), reh’g and reh’g en banc denied (2011) (quoting Warshak v. United States, 490 F.3d 455, 473 (6th Cir. 2007)).

Furthermore, the Sixth Circuit held that “the very fact that information is being passed through a communications network is a paramount Fourth Amendment consideration.” Clements-Jeffrey, at *8, citing Warshak, at *285.  As the Court further explained:

The court in Warshak also held that even though email had to pass through an Internet service provider (“ISP”), and even though that provider may have contractually reserved the right to access the subscriber’s email in certain circumstances, neither the ability of the ISP to gain that access, nor its contractual right to do so, extinguished the user’s reasonable expectation of privacy.

Clements-Jeffrey, at *8-9, Warshak, at 286-87.

The Court drove the issue home on the expert’s opinion with the following:

These holdings can logically be extended to cover instant messages and webcam communications, the types of electronic communications at issue in this case. Applicable statutes also shed light on whether an individual has an objectively reasonable expectation of privacy in electronic communications. The Stored Communications Act (“SCA”), 18 U.S.C. § 1701 et seq., at issue in Warshak and Quon and the subject of one of Plaintiffs’ claims in this case, specifically prohibits the intentional, unauthorized access of stored communications such as email. The Electronic Communications Privacy Act (“ECPA”), 18 U.S.C. § 2511, also the subject of one of Plaintiffs’ claims in this case, specifically prohibits the intentional, unauthorized interception, disclosure, and use of wire, oral, and electronic communications.

Clements-Jeffrey, at *9-10.

The Court held that the expert’s opinion was “contrary to law, and thus not relevant to the issues in this litigation.”  Clements-Jeffrey, at *10.

Bow Tie Thoughts

To say that the expert’s opinion that “no one” has an objective reasonable expectation of privacy in Internet communication bothered the judge is an understatement.

Privacy is a key battleground in litigation today, because individuals live their lives connected to email, text messages, IM’s, social media and whatever network their data is being sent over.  Relevant information is rightly subject to discovery in litigation, but to say there are no privacy interests at issue is a grave mistake.

The fact data is sent over an ISP does not render the 4th Amendment dead-letter law. Congress will continue to debate these issues and Courts will continue to vindicate these rights in litigation.  These issues will continue to make case law for the foreseeable future.

Streaming Early Discovery in Online Music Infringement

The Plaintiffs filed a suit alleging copyright infringement against the online proprietors of a Korean pop music website where the Defendants “post, organize, search for, identify, collect and index links to infringing material that is available on third-party websites,” which the Plaintiffs claimed was “a one-stop shop for infringing material.” DFSB Kollective Co. v. Jenpoo, 2011 U.S. Dist. LEXIS 62163, *1-2 (N.D. Cal. June 10, 2011).

The Plaintiffs sought early discovery on eight third-party service providers and “other necessary entities that may be uncovered during discovery” to identify the Doe Defendants, because the Defendants allegedly used false names on their various websites and social networking profiles. DFSB Kollective Co., at *2, 4. The service providers included:

SoftLayer;

Facebook;

Twitter;

Google;

MySpace;

DPS;

HostGator and

GoDaddy

DFSB Kollective Co., at *4.

Requirements for Early Discovery

Early Discovery may be allowed by a Court when there is “good cause” and “for the convenience of parties and witnesses and in the interests of justice.” DFSB Kollective Co., at *4, citing Fed. R. Civ. P. 26(d).

A Moving Party must show the following to conduct early discovery:

(1) Identify the defendant with enough specificity to allow the Court to determine whether the defendant is a real person or entity who could be sued in federal court;

(2) Recount the steps taken to locate the defendant;

(3) Show that its action could survive a motion to dismiss; and

(4) File a request for discovery with the Court identifying the persons or entities on whom discovery process might be served and for which there is a reasonable likelihood that the discovery process will lead to identifying information.

DFSB Kollective Co., at *4, citing Columbia Ins. Co. v. seescandy.com, 185 F.R.D. 573, 578-80 (N.D. Cal. 1999).

Downloading Good Cause

The Court found good cause for early discovery, because ISP subscriber logs are retained for a short time before the data is lost. DFSB Kollective Co., at *5. In short, time is of the essence to identify Doe Defendants with ISP information.

The Court outlined how the Plaintiffs had satisfied the four-factor test for conducting early discovery:

Defendants specifically identified e-mail addresses, user IDs, and account numbers.

The Defendants had hired investigators and presented the findings to the Court.

The Defendants established that the Complaint would likely survive a motion to dismiss.

The Defendants demonstrated there was a reasonable likelihood that third-party discovery would produce identifying information, with a couple of big caveats.

DFSB Kollective Co., at *5-6.

The Court’s Terms & Conditions on Limited Discovery

The Court’s order was limited to six of the third-parties, because the Plaintiffs did not show a connection between MySpace or GoDaddy and the Defendant. DFSB Kollective Co., at *6-7. The Court noted that the MySpace account appeared dormant and contained no references to the Defendants’ website. Id.

Additionally, the Court limited the search into the different email addresses down to two, because those addresses appeared connected to the alleged infringing activity. DFSB Kollective Co., at *7.

Furthermore, the Court did not allow the Plaintiff to subpoena the Defendants’ financial institutions. Id.

The subpoenas were limited to the production of the names, addresses, phone numbers, e-mail addresses, and physical addresses associated with those accounts. Id.

No Tonkin Gulf Resolution for Production

Echoing the logic that enacted the War Powers Act, the Court refused to give an open-ended order where the Plaintiff could seek discovery from “other necessary entities that may be uncovered during discovery.” DFSB Kollective Co., at *7-8.

Pistols at Downloading: Dueling Procedures for Third-Party Service Providers

The third-party service providers subject to the discovery order were required to serve a copy of the subpoena on their affected subscribers. If the subscribers did not file a motion to quash, the third-parties would then produce the required information within 10 days. DFSB Kollective Co., at *8-9.

Bow Tie Thoughts

Early discovery from third-party service providers walks a delicate line between furthering the interests of justice and violating privacy laws. In this case, early discovery was absolutely required to identify the Doe Defendants. Early discovery from third-party service providers is often the only way to identify those committing an online tort.

However, the idea of a Court giving a very open-ended Order to seek discovery from “other necessary entities that may be uncovered during discovery” should give everyone pause. Discovery requests are supposed to be narrowly tailored and reasonably particular against an entity; a blank check to seek discovery from un-named third-party service providers would be a very dangerous precedent. If a third-party is identified and has a causal connection to a case that may produce information to identify a doe defendant, a party should bring it before the Court for expedited discovery.

The other risk with early discovery is ordering the production of otherwise privileged information. For example, California has a state constitutional right to privacy which might apply in some cases. The Stored Communication Act protects the contents of email messages from production by a third-party. Financial information is also often protected by both Federal and State laws. While producing names, addresses, phone numbers, e-mail addresses, and physical addresses is within the interests of justice, Courts must guard against these procedures being abused.

Feng Shui False Tweets

The Plaintiff, a professional Chicago interior designer, was the director of marketing, PR and e-commerce for the Defendant, a well-known interior designer. Maremont v. Susan Fredman Design Group, Ltd., 2011 U.S. Dist. LEXIS 26441, at *4 (N.D. Ill. Mar. 15, 2011).

After the Plaintiff was injured in an accident, the Defendant impersonated her on Facebook and Twitter.  The Plaintiff sued and the Defendant brought a motion to dismiss.  Maremont, at *1-2.

The Factual Focal Point

The Plaintiff had a popular following on both Facebook and Twitter.  All social media messages had her image on them.  Additionally, the Plaintiff maintained a blog hosted on the Defendant’s blog.  Maremont, at *5.

The Plaintiff was hit by a car and hospitalized with extensive injuries, which included surgeries, physical rehabilitation and recovering in a wheelchair.  Maremont, at *5-7.   While in the hospital, she was told the Defendants were promoting themselves with the Plaintiff’s Facebook and Twitter accounts.  Maremont, at *6.

The Plaintiff told the Defendant to stop “impersonating” her online, because it made it look like 1) the Plaintiff had not been hurt badly and 2) she had returned to work. Maremont, at *6.

The Defendant continued impersonating the Plaintiff on both Twitter and Facebook. Id.

After several months of recovery, the Plaintiff learned the Defendant was still impersonating her on her social media accounts.  Maremont, at *7.   The Plaintiff changed her passwords on her accounts, which prompted the Defendant to text the Plaintiff.  Id. After the Plaintiff confirmed she changed her passwords to the Defendant, the Defendant and her employees stopped visiting or contacting the Plaintiff.  Id.

Accent Colors of the Law: Lanham Act, Right to Publicity & Common Law Right to Privacy

False Endorsement

The Court upheld the Plaintiff’s “false endorsement” claim under the Lanham Act.  Maremont, at *9-10.

A “false endorsement” is “…when a person’s identity is connected with a product or service in such a way that consumers are likely to be misled about that person’s sponsorship or approval of the product or service.” Maremont, at *9, citing, Stayart v. Yahoo! Inc., 651 F.Supp.2d 873, 880-81 (E.D. Wis. 2009).

The Court explained that the Plaintiff alleged sufficient facts to survive the motion to dismiss, because 1) she alleged she had a popular following on Twitter and Facebook related to her commercial work and 2) the Plaintiff was in commercial marketing when the Defendant used her social media accounts.  Maremont, at *10.

As such, the Court found the Plaintiff alleged a commercial injury based on the Defendant’s use of the Plaintiff’s Facebook and Twitter profiles.  Id.

Right to Publicity

The Plaintiff alleged the Defendant violated her rights under the Illinois Right to Publicity Act, because the Defendant did not have her written consent to use her likeness. Maremont, at *11.

The Defendant challenged the Plaintiff’s “right to publicity” claim as being untimely under state law, because the one-year statute of limitations had run from when the Plaintiff first learned of the use of her social media profiles.  Maremont, at *11.

The Court found the Plaintiff’s claim timely under the “continuing injury” doctrine, because of the several-month period during which the Defendant used the Plaintiff’s social media profiles. Maremont, at *13. The Plaintiff filed her lawsuit within one year of her text message exchange with the Defendant about changing her passwords, which was the end of the alleged infringement. Id. As such, the Plaintiff’s claims were timely. Id.

Common Law Right to Privacy Claim

The Defendant succeeded in having the Plaintiff’s Common Law Right to Privacy Claim dismissed, because the Illinois Right to Publicity Act replaced common law causes of action. Maremont, at *14.

The Plaintiff claimed two additional common law torts: 1) unreasonable intrusion upon the seclusion of another and 2) a claim based on publicity that reasonably places another in a false light before the public. Maremont, at *14.

The Court granted the motion to dismiss on the intrusion into her “digital life,” because the Plaintiff did not develop the argument as to whether such a claim is actionable. Maremont, at *14-15.

The Plaintiff’s “false light” claim also failed, because she did not sufficiently allege actual malice or special damages.  Maremont, at *15.

Bow Tie Thoughts

We will see more cases involving the blending of personal lives and professional business development.  These issues present intriguing questions of law and electronic discovery challenges.

Consider an employer requiring their employees to use their personal social media profiles to promote the company. Does that give an employer the right to hijack personal social media profiles if the employee is hospitalized? How about if the employee leaves the company?

All of the discovery in this case is digital: Social Media and Text Messages. Both are highly transitory and can present preservation challenges. Attorneys must consider social media in their electronic discovery planning, from collection to review. While Outlook-based email is very established, “cloud”-based social media discovery cannot be ignored.

Tagging Damages for Violating the CAN-SPAM Act on a Social Networking Site

A registered Facebook user allegedly gained unauthorized access to 116,000 Facebook accounts and sent in excess of 7.2 million spam email messages. Facebook, Inc. v. Fisher, 2011 U.S. Dist. LEXIS 9668, at *3 (N.D. Cal. Jan. 26, 2011). 

These spam emails were designed to “phish” for log-in information from Facebook users and continue the spam email message cycle.  Id.

Facebook received over 8,000 complaints and over 4,500 people deactivated their Facebook accounts. Fisher, at *8.

Un-friending the Defendant simply was not enough for Facebook.

Facebook sued on the following causes of action:

(1) Violation of the Controlling the Assault of Non-Solicited Pornography and Marketing Act (“CAN-SPAM Act”), 15 U.S.C. § 7701 et seq.;

(2) Violation of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030 et seq.;

(3) Violation of Cal. Penal Code § 502; and

(4) Violation of Cal. Bus. & Prof. Code § 22948. 

Fisher, at *4.

The Plaintiff obtained a default judgment and proceeded to tag the Defendant with as many damages as possible. 

The maximum penalty under the CAN-SPAM Act allows for an award of $100 for each of the 7.2 million violations, plus aggravated damages. Total sought: $2,160,000,000. Fisher, at *6.

The Plaintiff also sought $500,000 under Cal. Bus. & Prof. Code § 22948 and requested treble damages for a total award of $1,500,000. Fisher, at *6.

The Court found that a damages award in excess of $2 billion was not proportionate to the violation of the various statutes. Fisher, at *6. Instead, the Court awarded statutory damages of $.50 for each CAN-SPAM Act violation for $360,000,000. The Court also awarded damages of $500,000 pursuant to Cal. Bus. & Prof. Code § 22948.2, making the total damages $360,500,000. Fisher, at *7. The Court declined to award treble damages. Id.

Bow Tie Thoughts

There is a phrase from Political Science and History classes on war: Making the rubble bounce. 

Some damage awards are meant to prove a point and deter future violations. Facebook sought to prove a point and deter spammers from phishing and other identity theft attacks by dropping a nuclear bomb on this Defendant. While Facebook did not vaporize the Defendant, a default damage award of $360,500,000 certainly made the rubble bounce. It showed that both the Plaintiff and the Court did not tolerate 116,000 people having their Facebook accounts compromised.

Espresso, WiFi, & Confidentiality with a Twist of Lemon

Many attorneys, as with a large contingent of the general public, do not possess much, if any, technological savvy. Although the Committee does not believe that attorneys must develop a mastery of the security features and deficiencies of each technology available, the duties of confidentiality and competence that attorneys owe to their clients do require a basic understanding of the electronic protections afforded by the technology they use in their practice. If the attorney lacks the necessary competence to assess the security of the technology, he or she must seek additional information or consult with someone who possesses the necessary knowledge, such as an information technology consultant.

California State Bar Professional Responsibility and Conduct Formal Opinion No. 2010-179, page 5.

Some associate attorney went out for coffee and got a lot more than an espresso with a twist of lemon.

California attorneys now need to consider 6 factors before enjoying a mocha and sending work emails on a firm-issued laptop while on a coffee shop’s WiFi service, according to the California State Bar Professional Responsibility and Conduct Formal Opinion No. 2010-179.

The Opinion addressed whether an attorney violates their duties of confidentiality and competence when transmitting or storing confidential information that might be susceptible to access by third parties. Opinion No. 2010-179. In short: an associate attorney sending work emails from Starbucks on her laptop. And since the lawyer lives in the 21st Century with a monthly billable hour requirement, she takes her laptop home every night to do legal research on her cases using her wireless Internet connection.

The Opinion rationally discussed an attorney’s ethical duty to preserve client confidences.  For example, if a lawyer is on an airplane and working on a computer, they should turn the screen, so the person sitting next to them cannot see it.  Opinion No. 2010-179, fn 9. 

Fear of hacking while on a wireless network is real. For example, the Firefox add-on Firesheep can be used to hijack other people’s sessions. This hacking add-on “adds a sidebar to Mozilla’s Firefox browser that shows when anyone on an open network — such as a coffee shop’s Wi-Fi network — visits an insecure site. ‘Double-click on someone [in the sidebar] and you’re instantly logged on as them.’” See, New Firefox add-on hijacks Facebook, Twitter sessions, Last Visited on 11/04/2010.

As Opinion No. 2010-179 highlights, lawyers have an express duty “[t]o maintain inviolate the confidence, and at every peril to himself or herself to preserve the secrets, of his or her client.” Opinion No. 2010-179, page 2, citing Bus. & Prof. Code, § 6068, subd. (e)(1).

Furthermore, California Rules of Professional Conduct, Rule 3-110(A) “prohibits the intentional, reckless or repeated failure to perform legal services with competence.” Opinion No. 2010-179, page 2.

Moreover, “’competence’ may apply to an attorney’s diligence and learning with respect to handling matters for clients.” Opinion No. 2010-179, page 2, citing Rules Prof. Conduct, rule 3-110(B).

The Opinion outlined the following six factors to consider before using wireless communications:

1) The level of security attendant to the use of that technology, including whether reasonable precautions may be taken when using the technology to increase the level of security;

2) The legal ramifications to a third-party who intercepts, accesses or exceeds authorized use of the electronic information;

3) The degree of sensitivity of the information;

4) The possible impact on the client of an inadvertent disclosure of privileged or confidential information or work product;

5) The urgency of the situation; and

6) The client’s instructions and circumstances, such as access by others to the client’s devices and communications.

Opinion No. 2010-179, page 1.

The Committee ultimately found the following: 

“[D]ue to the lack of security features provided in most public wireless access locations, Attorney risks violating his duties of confidentiality and competence in using the wireless connection at the coffee shop to work on Client’s matter unless he takes appropriate precautions, such as using a combination of file encryption, encryption of wireless transmissions and a personal firewall.”

Opinion No. 2010-179, page 7.

The Opinion stated that using a public wireless network might violate a lawyer’s ethical obligations, because of the “sensitivity” of the case.  Id.

The Committee also stated that using a personal wireless network to work from home would not violate a lawyer’s ethical duties, provided the network is configured with “appropriate security features.” Id. 

Translated: You might need your coffee to go, but working from home on the weekends should be ok.  

Bow Tie Thoughts

People are used to having wireless technology, especially as we become more “App” and “Cloud” dependent. However, attorneys must always be aware of their ethical duties as they look to use new technologies.

Accessing email from a coffee shop is one thing, but there could be greater issues if an attorney is doing document review on a hosted review platform. While document review can be extremely painful and working at a coffee shop a welcome break, attorneys should be very mindful of where they are accessing “stored confidential information” on a public wireless network, to keep discovery and attorney work product from being hacked.

How Third Party ESI Requests Collide with the Stored Communications Act

The Plaintiff in an online fraud case sought the production of personal email messages from Yahoo.  Jimena v. UBS AG Bank, Inc., 2010 U.S. Dist. LEXIS 95050 (E.D. Cal. Aug. 27, 2010).

The allegations of the lawsuit involved a “Nigerian advance fee scheme,” where the Plaintiff claimed the Defendant, the Chief Financial Officer of UBS AG Bank, Inc., sent the Plaintiff emails from his Yahoo accounts.  Jimena, at *1.

The Defendant’s CFO purportedly offered to transfer $19 million to the Plaintiff if the Plaintiff sent $51,000 via wire transfer, so millions of dollars could clear “Anti-Drug/Terrorist Clearance” fees for transfers from Nigeria.   Id.

The Plaintiff did not get $19 million.

However, Yahoo did get a Federal Rule of Civil Procedure Rule 45 subpoena for emails from the Defendant’s two email accounts relevant to the lawsuit. Jimena, at *2.

Yahoo responded that it did not have any subscriber information or responsive ESI for the named Defendant’s CFO. Jimena, at *4.

Yahoo also claimed that if there were responsive electronically stored information, it could not disclose the content of that information under the Stored Communications Act without the consent of the subscriber. Jimena, at *4-5.

The Stored Communications Act states, in relevant part,

(a) Prohibitions. Except as provided in subsection (b) or (c)–
   (1) a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service; and
   (2) a person or entity providing remote computing service to the public shall not knowingly divulge to any person or entity the contents of any communication which is carried or maintained on that service–
      (A) on behalf of, and received by means of electronic transmission from (or created by means of computer processing of communications received by means of electronic transmission from), a subscriber or customer of such service;
      (B) solely for the purpose of providing storage or computer processing services to such subscriber or customer, if the provider is not authorized to access the contents of any such communications for purposes of providing any services other than storage or computer processing; and
   (3) a provider of remote computing service or electronic communication service to the public shall not knowingly divulge a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications covered by paragraph (1) or (2)) to any governmental entity.

(b) Exceptions for disclosure of communications. A provider described in subsection (a) may divulge the contents of a communication–
   (1) to an addressee or intended recipient of such communication or an agent of such addressee or intended recipient;
   (2) as otherwise authorized in section 2517, 2511(2)(a), or 2703 of this title [18 USCS § 2517, 2511(2)(a), or 2703];
   (3) with the lawful consent of the originator or an addressee or intended recipient of such communication, or the subscriber in the case of remote computing service;
   (4) to a person employed or authorized or whose facilities are used to forward such communication to its destination;
   (5) as may be necessarily incident to the rendition of the service or to the protection of the rights or property of the provider of that service;

18 USCS § 2702

The Plaintiff filed a motion to compel the Defendant to give its consent to disclose the Yahoo email content of the Defendant’s CFO.  Jimena, at *5. 

The Plaintiff argued that because the CFO was employed by the Defendant, the Defendant had the legal right to consent to the production of the CFO’s personal data from Yahoo.  Jimena, at *5. 

Yahoo filed an opposition to the motion out of the concern that the motion would be used to compel Yahoo’s compliance with the original subpoena.  Jimena, at *6.

The Defendant responded they were willing to consent for the CFO’s Yahoo subscriber information to be produced. However, the Defendant argued that there were no responsive email messages, as evidenced from Yahoo’s prior declarations.  Jimena, at *6.

The Court noted in a footnote that it was largely unaddressed whether the Defendant had the legal right under the Stored Communications Act to consent to the CFO’s personal email being produced. Jimena, at *7, fn 1. This issue alone is worthy of a detailed Court opinion.

Hitting Delete on the Motion to Compel

The Court denied the motion to compel Yahoo to produce electronically stored information.   Jimena, at *8.

The Federal Rule of Civil Procedure Rule 45 subpoena had a fatal procedural defect:

Yahoo was served in Sunnyvale, California (near San Jose). 

The subpoena required production at the United States District Courthouse in Fresno, California, which is more than 100 miles away. 

According to Rule 45, the production must take place within 100 miles of the issuing District Court. Jimena, at *8-9.

The Court reasoned that even if the subpoena could be enforced, Yahoo had demonstrated it had no responsive electronically stored information. Jimena, at *9. Yahoo argued that additional searches would “require the company to dedicate an incalculable amount of resources to conduct a manual search of all of its stored data.” Jimena, at *9.

A court may not force a third-party to endure “undue burden” in the enforcement of a subpoena. Jimena, at *9, citing Fed. R. Civ. P. 45(c)(3)(A)(iv).

The Court held Yahoo would not be compelled to conduct additional searches, because of the cost and the unlikelihood of producing different results. Jimena, at *9-10.

Bow Tie Thoughts

The Court’s two footnotes foreshadow an issue that will be decided: Does an employer have the legal authority to authorize the disclosure of an employee’s relevant personal electronically stored information under the Stored Communications Act? The Court in Jimena did not decide this issue, but questioned whether the Defendant had such legal authority. See, Jimena, at *fn 1 and 2.

The analysis of whether such consent is proper would likely include whether personal emails were being sent on a company device, during company time and in the course of the individual’s employment. However, this should make all of us stop and think.

The idea of an employer having the power to consent to the production of an employee’s personal Facebook activity, webmail messages or text messages on a personal phone should strike fear into everyone. Such an application of the Stored Communications Act would gut any protections the Act is supposed to offer, never mind any state constitutional privacy rights.