March 12, 2011 Privacy

Court says you don’t need a person’s permission to tag them in a Facebook photo

Lalonde v. Lalonde, — S.W.3d —, 2011 WL 832465 (Ky. App., February 25, 2011)

Mother sought appellate review of the lower court’s order that awarded primary physical custody of her daughter to the child’s father. The mother argued, among other things, that the court improperly considered Facebook photos showing her drinking. This was not good because her psychologist had testified that alcohol would have an adverse effect on the medication she was taking for bipolar disorder. (Seems like there’s no shortage of cases involving drinkin’ photos on social media.)

The court rejected the mother’s assertion that the photos should not be considered as evidence. She argued that because Facebook allows anyone to post pictures and then “tag” or identify the people in the pictures, she never gave permission for the photographs to be published in this manner. The court held that “[t]here is nothing within the law that requires [one’s] permission when someone takes a picture and posts it on a Facebook page. There is nothing that requires [one’s] permission when she [is] “tagged” or identified as a person in those pictures.”

It might be easy to overstate the court’s conclusion here. Some instances of tagging might be part of something actionable. For example, the posting and tagging of photos in the right context might constitute harassment, infliction of emotional distress, or invasion of privacy. Use of another’s photo on the web without permission for commercial purposes might violate that person’s right of publicity. And of course there is the question of copyright as to the uploading of the photo in the first place — if the person appearing in the photo owns the copyright (e.g., it’s a self-portrait) there is the risk of infringement. But it’s interesting to see the court appear to validate ordinary tagging.

March 10, 2011 Contracts, Litigation

Drunk reality show participant’s invasion of privacy claim stays in court, for now

Amirmotazedi v. Viacom, Inc., — F.Supp.2d —, 2011 WL 802134 (D.D.C. March 9, 2011)

Plaintiff sued the producers of The Real World (MTV, Viacom and Bunim-Murray Productions) for, among other things, invasion of privacy and intentional infliction of emotional distress over the way that the show portrayed her in an episode and in outtakes posted on the web. Defendants moved to dismiss, claiming that the plaintiff signed a release on the night she visited the Real World house, and that the release’s arbitration clause meant the case did not belong in court. The court denied the motion.

To argue against the enforceability of the arbitration provision, plaintiff asserted that she was so drunk on the night of the filming that she lacked the mental capacity to understand the significance of the arbitration provision. (This is called the voluntary intoxication defense.)

The court sided with plaintiff, finding that plaintiff’s mental capacity defense went to the question of formation, or the “making” of the agreement to arbitrate, thus under the Federal Arbitration Act, the question of the arbitration provision’s enforceability must be decided by the court. That’s not to say that the court won’t ultimately kick the case into arbitration. It’s just that the case stays before the court for now to determine whether plaintiff’s voluntary intoxication defense requires the agreement to be voided.

Related: California court invalidates Alienware arbitration provision in online terms and conditions

March 9, 2011 Privacy

Judge uses Facebook to research litigant

We’ve all heard the stories about lawyers using social media to research jurors and to gather evidence about opponents. But here’s a new twist: even judges look to Facebook to find information about the parties appearing before them.

In Purvis v. Commissioner of Social Sec., 2011 WL 741234 (D.N.J., Feb. 23, 2011), the question before federal judge Susan Davis Wigenton was whether the plaintiff had been wrongfully denied Social Security benefits. Ultimately the judge determined that the question of whether plaintiff’s asthma made her disabled needed to go back to the Social Security office for further proceedings. But the judge had some pretty severe skepticism about the merits of the plaintiff’s claim, expressed in this footnote:

Although the Court remands the ALJ’s decision for a more detailed finding, it notes that in the course of its own research, it discovered one profile picture on what is believed to be Plaintiff’s Facebook page where she appears to be smoking. Profile Pictures by Theresa Purvis, Facebook, [link omitted because it’s broken] (last visited Feb. 16, 2011). If accurately depicted, Plaintiff’s credibility is justifiably suspect.

I guess the moral of the story is to hide your smokes when someone pulls out a camera. Or maybe there’s an even bigger lesson. What do you think? Leave your comments.

March 4, 2011 Computer Crime, Privacy

Mom violated wiretap law by bugging daughter’s teddy bear to eavesdrop on dad

Lewton v. Divingnzzo, 2011 WL 692292 (D.Neb. Feb. 18, 2011)

Defendant thought her ex-husband was abusing their daughter during visitations. To prove these allegations in the custody case, defendant sewed an electronic recording device into the little girl’s favorite teddy bear. After the daughter returned from visiting with her father, the mom would unstitch the teddy bear and download the recorded conversations onto her computer.

She tried using the transcribed recordings as evidence in the state court custody proceeding. But the judge would not let them into evidence because they violated Nebraska law. The father and others whose conversations were recorded via the teddy bear sued the mom under the federal Electronic Communications Privacy Act.

Both sides moved for summary judgment. The court ruled in favor of the father, finding that the surreptitious recording did not fit into any exception of the ECPA.

The ECPA provides a private right of action to any person whose wire, oral or electronic communication is intercepted, disclosed or intentionally used in violation of the ECPA. Looking to Eighth Circuit authority, the court observed that the ECPA prohibits all wiretapping that is not specifically exempted by the statute.

No doubt this was a tough case – a parent fearing for the safety of his or her child might have strong reasons to resort to eavesdropping to protect the child. But the court was hamstrung – “[w]hile the notion that a parent or guardian should be able to listen to a child’s conversations to protect the child from harm may have merit as a matter of policy, it is for Congress, not the courts, to alter the provisions of the statute.”

The court ordered the defendant and her father (who had transcribed the recordings) to pay $10,000 to each of the offended plaintiffs. The defendant’s lawyer who had distributed the recordings to the guardian ad litem and others was found to have violated the ECPA but was not ordered to pay any money damages.

March 3, 2011 Computer Crime, Litigation

What is a reasonable cost that should count as loss under the Computer Fraud and Abuse Act?

1st Rate Mortg. Corp. v. Vision Mortgage Services Corp., 2011 WL 666088 (E.D.Wis. Feb. 14, 2011)

The Computer Fraud and Abuse Act (CFAA) is a popular weapon that employers use against former employees who steal information on the job. But since the employees just use their credentials to get information off the server, there really is no security breach that occurs in those inside jobs.

So you might tend to agree that the employer overreacts when, after discovering the nefarious acts of its employees, it conducts a thorough and expensive security analysis of its whole system. Just delete the offending employees’ accounts and move on, right?

And this overreaction shouldn’t give the employer something to sue over that it would not have had if it reacted reasonably to the threat, don’t you think? After all, plaintiffs have a duty to mitigate their damages.

The defendants (accused former employee information thieves) in a recent federal case in Wisconsin argued along these lines in their summary judgment brief. But the court did not buy it at the summary judgment stage – whether a CFAA plaintiff’s reaction to alleged theft is “reasonable” should be answered by the jury.

The CFAA allows a plaintiff to recover its “loss.” And courts have interpreted the term “loss” to include the cost of responding to a security breach. But the statute says that loss includes the “reasonable cost to any victim.”

In this case, defendants argued that the employer’s overreaction in doing a system-wide analysis caused the employer to incur an unreasonable (and therefore uncompensable) cost. The court held, however, that “[w]hat matters is whether the employer’s reaction was reasonable, not whether it was strictly necessary to continuing in business.” A jury may well conclude the reaction and its related costs were appropriate.

March 1, 2011 Computer Crime

Decision suggests that sexting by minors would violate federal child porn laws

Clark v. Roccanova, 2011 WL 665621 (E.D. Ky. February 14, 2011)

Is there a violation of the federal laws against child pornography when the accused himself is a minor? A Kentucky federal court says yes.

Three 14-year-old boys allegedly “coerced, enticed and persuaded” a 14-year-old girl to make a sexually explicit video. Later the three boys transmitted the video over the internet. The girl filed a civil suit against the boys for violations of 18 USC §§2251 and 2252.

The defendants moved to dismiss, arguing that the statutes covered only the conduct of adults. The court rejected that argument. It found that nothing in the plain language of the statutes, nor in the legislative history, supported such an interpretation.

Both statutes prohibit creation, possession and transmission of child pornography by any “person.” While “person” is not defined in 18 U.S.C. §2256, the statute’s definition of “identifiable minor” begins by stating that a minor is a “person.” 18 U.S.C. § 2256(9)(A). The court found that indicates that “person” is meant to refer to an individual of any age, not just an adult.

February 8, 2011 Electronic Discovery, Privacy, Uncategorized

Facebook user had standing to challenge subpoena seeking his profile information

Mancuso v. Florida Metropolitan University, Inc., 2011 WL 310726 (S.D. Fla. January 28, 2011 )

Plaintiff sued his former employer seeking back overtime wages. In preparing its defense of the case, the employer sent supboenas to Facebook and Myspace seeking information about plaintiff’s use of those platforms. (The employer probably wanted to subtract the amount of time plaintiff spent messing around online from his claim of back pay.) Plaintiff moved to quash the subpoenas, claiming that his accounts contained confidential and privileged information. The court denied the motion as to these social networking accounts, but did so kind of on a technicality. The subpoenas were issued out of federal district courts in California, and since this court (in Florida) did not have jurisdiction over the issuance of those subpoenas, it had to deny the motion to quash.

But there was some interesting discussion that took place in getting to this analysis that is worth noting. Generally, a party does not have standing to challenge a subpoena served on a non-party, unless that party has a personal right or privilege with respect to the subject matter of the materials subpoenaed. The employer argued that plaintiff did not have standing to challenge the subpoenas in the first place.

The court disagreed, looking to the case of Crispin v. Christian Audiger, Inc. 717 F.Supp.2d 965 (C.D. Cal. 2010), in which that court explained:

[A]n individual has a personal right in information in his or her profile and inbox on a social networking site and his or her webmail inbox in the same way that an individual has a personal right in employment and banking records. As with bank and employment records, this personal right is sufficient to confer standing to move to quash a subpoena seeking such information.

This almost sounds like an individual has a privacy right in his or her social media information. But the p-word is absent from this analysis. So from this case we know there is a right to challenge subpoenas directed at intermediaries with information. We’re just not given much to go on as to why such a subpoena should be quashed.

February 3, 2011 Anonymity

Federal court applies Seescandy.com test to unmask anonymous defendants in copyright and privacy case

Liberty Media Holdings, LLC. v. Does 1-59, 2011 WL 292128 (S.D. Cal., January 25, 2011)

Plaintiff porn company sued 59 anonymous defendants it knew only by IP address for violation of the Stored Communications Act (SCA), the Computer Fraud and Abuse Act (CFAA) and for copyright infringement. Since plaintiff did not know who the defendants were, it had to jump through a few hoops to find out their names.

The court rewarded such hoop-jumping by ordering that the defendants’ identities be turned over.

Hoop #1 – The Cable Communications Policy Act of 1984

A subpoena to the defendants’ internet service providers would reveal the needed information. But these ISPs, being governed by the Cable Communications Policy Act of 1984, could not turn over their subscribers’ information without a court order. (See 47 USC 515(c)(2)(B))

Hoop #2 – Discovery prior to the Rule 26(f) conference

What’s more, a plaintiff cannot start conducting discovery (and a subpoena is a discovery tool) until after it has had the initial conference with the defendant (the Rule 26(f) conference). But how can a plaintiff confer with a defendant it does not know? There is a bootstrapping problem here. The court has to step in and issue an order allowing the discovery be had.

Hoop #3 – Balancing injury versus right to anonymous speech

And getting that court order is a bit problematic and nuanced when one is dealing with anonymous defendants. The courts recognize the conflict between a need to provide injured plaintiffs with a forum in which they may seek redress for grievances, and the right of John Doe defendants to use the internet anonymously or pseudonymously when appropriate.

So judges apply a balancing test to weigh these interests. Different courts apply different tests. Some apply a very demanding standard, requiring plaintiffs to present enough facts to withstand a hypothetical motion for summary judgment. Other cases require a lesser burden be carried, looking merely to whether the complaint would survive a motion to dismiss. That’s the standard the court applied in this case.

The Seescandy.com standard

It looked to the 1999 case of Columbia Ins. Co. v. Seescandy.com, 185 F.R.D. 573, 577 (N.D.Cal.1999) which articulated the following test:

  • First, the plaintiff should identify the missing party with sufficient specificity such that the Court can determine that (the) defendant is a real person or entity that could be sued in federal court …
  • Second, the (plaintiff) should identify all previous steps taken to locate the elusive defendant …
  • Third, Plaintiff should establish to the Court’s satisfaction that plaintiff’s suit against (the) defendant could withstand a motion to dismiss … Plaintiff must make some showing that an act giving rise to civil liability actually occurred and that the discovery is aimed at revealing specific identifying features of the person or entity who committed the act.

In this case, the court found that each of these criteria had been met across the board.

It found that plaintiff had identified the defendants as best it could. Plaintiff provided the court with the unique IP addresses assigned to each defendant and the ISP that provided each defendant with internet access. Further, the requested discovery was necessary for plaintiff to determine the names and addresses of each defendant who performed the allegedly illegal and infringing acts.

The only information plaintiff had regarding the defendants was their IP addresses and their ISPs. Therefore, there were no other measures plaintiff could have taken to identify the defendants other than to obtain their identifying information from their ISPs.

And the court found the allegations supporting each of the claims were sufficient to survive a motion to dismiss.

As to the SCA, the complaint alleged that defendants intentionally accessed plaintiff’s web servers, which are facilities where electronic communication services are provided, defendants had no right to access the copyrighted materials on plaintiff’s website, and defendants obtained access to these electronic communications while these communications were in electronic storage.

On the CFAA claim, the complaint alleged that defendants unlawfully and without authorization entered into plaintiff’s computer server, which was used in interstate commerce, where plaintiff’s copyrighted materials were contained, stole plaintiff’s copyrighted materials, valued in excess of $15,000, and as a result of such conduct, caused plaintiff to suffer damage. Based on these facts, 18 USC 1030(g) authorized plaintiff’s civil action.

And as for copyright infringement, plaintiff alleged that it is the owner of the copyrights for certain motion pictures, which were accessed, reproduced, distributed and publicly displayed by defendants. Also, plaintiff alleged that defendants, without authorization, intentionally accessed, reproduced and distributed plaintiff’s copyrighted works onto their local hard drives or other storage devices.

January 22, 2011 Privacy

College must reinstate nursing student who posted placenta picture on Facebook

Byrnes v. Johnson County Community College, 2011 WL 166715 (D. Kan., January 19, 2011)

Plaintiff nursing student and some of her classmates attended a clinical OB/GYN course at the local hospital in Olathe, Kansas last November. They got permission from their instructor to photograph themselves with a placenta. Plaintiff posted the photo on Facebook. She got expelled from school. Yes, I know you want to see the photo. Here it is.

So she sued the college for violation of her due process rights and sought an injunction ordering that she be reinstated. The court granted the motion.

The court found that the appeal process that the college provided to plaintiff was in no way a fair and unbiased opportunity for her to fully present her case before a neutral and unbiased arbitrator.

The instructor had granted permission for plaintiff to take the picture — and may have consented to its publication on Facebook — but plaintiff did not get an adequate chance to make that argument. The court observed that “photos are taken to be viewed,” and that “by giving the students permission to take the photos, which [the instructor] admitted, it was reasonable to anticipate that the photos would be shown to others.”

Also relevant in the analysis was the absence of any apparent privacy right implicated by showing the placenta. Nothing in the photo showed any patient identification, nor were any of the nursing students able to testify that they knew the patient’s identity. The court found it irrelevant that the placenta appeared to be “fresh,” rejecting the defendants’ implications that that would somehow indicate who the patient was.

Because plaintiff had shown a likelihood of success on her due process argument, and had met the other requirements for the injunction (such as a showing of irreparable harm if not reinstated), the court granted the order that plaintiff be permitted to take last semester’s final exams and permitted to go back to class.

January 13, 2011 Litigation

Tweet by friend of husband of jury foreperson did not taint jury trial

U.S. v. Forde, 2011 WL 63831 (4th Cir. January 10, 2011)

Defendant was convicted of bankruptcy fraud and some other similar crimes. One of his arguments on appeal was that the trial court judge erred by not holding a hearing to investigate alleged juror impropriety. The jury foreperson’s husband’s friend had posted the following tweet during the trial:

assume: suppose to be the case, without proof; presume: suppose that something is the case on the basis of probability.

The appellate court rejected the defendant’s argument. It held that the duty to investigate juror impropriety arises only when the party alleging misconduct makes and adequate showing of extrinsic influence to overcome the presumption of jury impartiality. “In other words, there must be something more than mere speculation.”

The court found that “the string of possibilities” about the tweet — i.e., that the foreperson possibly talked to her husband, who possibly talked to his friend, who possibly took to Twitter in response to what the husband possibly told him — was nothing but speculation and thus fell far short of establishing reasonable grounds for investigation.

Scroll to top