Defendant emailed three pictures, thinking he was communicating with two 14-year-old girls. But he was actually communicating with a police detective. And the pictures were not of defendant, but of plaintiff — a cop in a neighboring community. The pictures were not sexually explicit, but the accompanying communications were. Defendant had copied them from plaintiff’s Facebook page.
Plaintiff and his wife sued defendant under a number of tort theories. Defendant moved to dismiss plaintiffs’ claims for false light publicity and intentional infliction of emotional distress. The court denied the motion.
It found that the false light in which defendant placed plaintiff through his conduct would be highly offensive to a reasonable person, and that defendant had knowledge of or acted in reckless disregard as to the falsity of the identity of the person in the photo, and the false light into which the plaintiff would be placed.
As for the intentional infliction of emotional distress claim, the court found that: (1) defendant intended to inflict emotional distress or that he knew or should have known that emotional distress was the likely result of his conduct; (2) that the conduct was extreme and outrageous; (3) that the conduct was the cause of plaintiff’s distress; and (4) that the emotional distress sustained by the plaintiff was severe.
Defendant argued that his conduct was not extreme and outrageous. The court addressed that argument by noting that:
[Defendant] cannot do that with a straight face. The test is whether “the recitation of the facts to an average member of the community would arouse his resentment against the actor and lead him to exclaim, Outrageous!” . . . This is such a case.
Plaintiff’s wife’s intentional infliction of emotional distress claim survived as well. This was not, as defendant argued, an allegation of bystander emotional distress, such as that of a witness to an automobile accident. Defendant’s conduct implied that plaintiff was a sexual predator. This would naturally reflect on his spouse and cause her great personal embarrassment and natural concern for her own personal health quite apart from the distress she may have experienced from observing her husband’s own travail.
Dzamko v. Dossantos, 2013 WL 5969531 (Conn.Super. October 23, 2013)
Short answer: Pretty much no.
The Computer Fraud and Abuse Act is found at 18 U.S.C. 1030. Subpart (f) reads as follows:
This section [i.e., the Computer Fraud and Abuse Act] does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States.
The recent controversy over whether the FBI and/or the NSA is behind the recent Tor anonymity compromising brings this question up. So we can cut right to the question of whether that conduct is outside this exception to the CFAA, in that it is not a “lawfully authorized” law enforcement activity. Given the nuance and complexity of these issues, we should not expect easy answers.
Two members of an LLC sued another member and the company’s manager of information services alleging violation of the Stored Communications Act, 28 U.S.C. 2701 et seq. Defendants moved to dismiss for failure to state a claim. The court denied the motion.
Plaintiffs alleged that the LLC’s operating agreement required “Company decisions” to be made based on four of the five members voting in favor. The company had no policy in place authorizing the search and review of employees’ email messages, nor did it inform employees that their email may be accessed. Plaintiffs did not consent to their emails being searched and reviewed.
In connection with a dispute among the LLC members, one of them allegedly (in cooperation with the manager of information services) accessed the company’s email server using administrative credentials. She allegedly performed over 2,000 searches, retrieving other members’ communications of a personal nature, as well as communications with those members’ legal counsel.
Defendants moved to dismiss under 12(b)(6), arguing that plaintiffs could not show the access was unauthorized. Defendants argued that there was no electronic trespass, as the access was accomplished simply by company procedure.
The court rejected defendants’ arguments, finding that plaintiffs had sufficiently alleged an SCA violation, since plaintiffs had not consented to the access, and because no policy existed permitting an individual to search and review emails of members or employees absent the four-fifths approval required by the operating agreement.
Joseph v. Carnes, 2013 WL 2112217 (N.D.Ill. May 14, 2013)
Huntington Ingalls Inc. v. Doe, 2012 WL 5897483 (N.D. Cal. November 21, 2012)
A federal court in California has allowed a party to subpoena Google to learn the identity of a Gmail account owner, even though that owner did nothing to involve himself in the dispute.
A contractor that plaintiff hired accidentally emailed “property” belonging to plaintiff to the wrong email address. (The court’s opinion is not clear on the nature of this “property,” but we are safe in assuming it was some sort of proprietary information.) Plaintiff sent messages to the Gmail account seeking return of the property, but the unknown account owner did not respond.
Plaintiff filed suit in federal court against the anonymous account holder (John Doe) seeking declaratory and injunctive relief (i.e., to get the property back). Since plaintiff did not know Doe’s identity, it sought expedited discovery so that it could subpoena Google for the identifying information.
The court granted the motion for leave to send the subpoenas. It found that:
- without the subpoena, plaintiff would have no other way to obtain “this most basic information”
- the subpoena was the exclusive means available to plaintiff to protect its property interest
- plaintiff’s proposed procedure guarded Doe’s due process rights by requiring Google to give Doe notice of the subpoena and an opportunity to object
The court’s opinion shows how any privacy interest in one’s email account information is tenuous at best. In this situation, the target of the unmasking efforts was, as they say, minding his own business, not doing anything to inject himself into any dispute.
Moreover, unlike many previous cases in which courts have required the party seeking discovery of an anonymous party’s identity to put forth facts showing it has a good case, there was no claim here that Doe did anything wrong. Instead, it was the sender’s mistake. One could find it unsettling to know that other peoples’ errors could cause a court to order his or her identity to be publicly revealed.
Photo courtesy Flickr user Bart Heird under this Creative Commons license.