Tag Archives: ediscovery

Trial court erred in ordering defendant to turn over his iPhone in ediscovery dispute

AllianceBernstein L.P. v. Atha, — N.Y.S.2d —, 2012 WL 5519060 (N.Y.A.D. 1 Dept., November 15, 2012)

Plaintiff sued its former employee for breach of contract alleging he took client contact information on his iPhone when he left the job. The trial court ordered defendant to turn the iPhone over to plaintiff’s counsel so plaintiff could obtain the allegedly retained information.

Defendant sought review of the discovery order. On appeal, the court reversed and remanded.

The appellate court found that the lower court’s order that defendant turn over his iPhone was beyond the scope of plaintiff’s request and was too broad for the needs of the case. Ordering production of defendant’s iPhone (which, the court observed, has built-in applications and internet access) “was tantamount to ordering the production of his computer.” The iPhone would disclose irrelevant information that might include privileged communications or confidential information.

So the court ordered that the phone and a record of the device’s contents be delivered to the court for an in camera review to determine what, if any information contained on the phone was responsive to plaintiff’s discovery request.

Court orders in camera review of injured plaintiff’s Facebook content

Richards v. Hertz Corp., — N.Y.S.2d —, 2012 WL 5503841 (N.Y.A.D. 2 Dept. November 14, 2012)

Plaintiff sued defendant for personal injury. Defendant saw a photo plaintiff had publicly posted on Facebook of herself skiing. When defendant requested plaintiff to turn over the rest of her Facebook content (presumably to find other like-pictures which would undermine plaintiff’s case), plaintiff sought a protective order. The trial court granted the motion for protective order, but required plaintiff to turn over every photo she had posted to Facebook of herself engaged in a “sporting activity”.

woman skiing

Defendants appealed the entry of the protective order. On review, the appellate court reversed and remanded, finding that defendants had made a showing that at least some of the discovery sought would result in the disclosure of relevant or potentially relevant evidence.

But due to the “likely presence” of private and irrelevant information in plaintiff’s account, the court ordered the information be turned over to the judge for an in camera review prior to disclosure to defendants.

Whether the plaintiff effectively preserved her Facebook account information may be an issue here. The facts go back to 2009. One is left to wonder whether and to what extent plaintiff has not gone back and deleted information from her account which would bear on the nature and extent of her injuries. It goes to show that social media discovery disputes can take on a number of nuances.

Photo courtesy Flickr user decafinata under this Creative Commons license.

No deposition of account holder allowed until he is named as defendant in BitTorrent copyright case

Hard Drive Productions, Inc. v. Doe, 2012 WL 90412 (E.D. Cal. July 11, 2012)

In a mass copyright infringement suit, plaintiff served a subpoena on an internet service provider and got the identifying information for the account holder suspected of trading a copy of a movie via BitTorrent. The account holder was uncooperative with plaintiff’s offers to settle, and denied downloading the file.

Instead of simply naming the identified account holder as a defendant in the case and proceeding with ordinary discovery, plaintiff asked the court for leave to take “expedited discovery,” namely, to depose the account holder to learn about:

  • the account holder’s involvement with the alleged distribution
  • his computers and network setup
  • his technical savvy
  • other users who may have had access to the computers or network

The court denied plaintiff’s request for leave to engage in the expedited discovery. It found that unlike other copyright cases in which anonymous infringers were identified, the efforts in this case “went far beyond seeking to identify a Doe defendant.” Instead, the court observed, it would be “a full-on deposition during which [the account holder] who plaintiff admits is likely not represented by counsel, may unwarily incriminate himself on the record before he has even been named as a defendant and served with process.”

Computer Fraud and Abuse Act case against hard drive destroying director goes forward

Deloitte & Touche LLP v. Carlson, 2011 WL 2923865 (N.D. Ill. July 18, 2011)

Defendant had risen to the level of Director of a large consulting and professional services firm. (There is some irony here – this case involves the destruction of electronic data, and defendant had been in charge of the firm’s security and privacy practice.)

After defendant left the firm to join a competitor, he returned his work-issued laptop with the old hard drive having been replaced by a new blank one. Defendant had destroyed the old hard drive because it had personal data on it such as tax returns and account information.

The firm sued, putting forth a number of claims, including violation of the Computer Fraud and Abuse Act (CFAA). Defendant moved to dismiss for failure to state a claim upon which relief can be granted. The court denied the motion.

Defendant argued that the CFAA claim should fail because plaintiff had not adequately pled that the destruction of the hard drive was done “without authorization.” The court rejected this argument.

The court looked to Int’l Airport Centers LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006) for guidance on the question of whether defendant’s alleged conduct was “without authorization.” Int’l Airport Centers held that an employee acts without authorization as contemplated under the CFAA if he or she breaches a duty of loyalty to the employer prior to the alleged data destruction.

In this case, plaintiff alleged that defendant began soliciting another employee to leave before defendant left, and that defendant allegedly destroyed the data to cover his tracks. On these facts, the court found the “without authorization” element to be adequately pled.

Court shifts half of cost of forensic search to producing party in ediscovery case

[This is a post by Jonathan Rogers. Jon is a licensed attorney in California, with a focus on technology and entertainment law. You can reach him by email at jon@jonarogers.com or follow him on Twitter at @jonarogers.]

IWOI, LLC v. Monaco Coach Corporation, N.D. Ill. May 24, 2011

Plaintiff sued claiming breach of warranty and violations of certain state laws against consumer fraud stemming the sale of a motor coach. Plaintiff sought permission to search defendants’ hard drives to locate critical email which appeared to be missing from the original discovery production. Defendants contended that the email was not “reasonably accessible” under Federal Rule of Civil Procedure 26(b)(2)(B) and, therefore, they were under no obligation to produce it.

The court specified that the burden was on the party responding to discovery to identify whether there may be materials responsive to discovery requests that are stored on its system, but because of burden or cost are not reasonably accessible. However, that party cannot simply provide documents which are easily obtained and then assert that they have produced everything that is responsive to the request. If other relevant and responsive documents exist (or may exist), the party must say so and then say why those documents cannot or should not be produced.

Here, the defendants submitted only materials that were quickly accessible on employees’ desktops and made no effort to look further, even when they became aware that there was a possibility that there may be missing documents. A forensic expert asserted that he found the critical email in two separate locations on the computer network: on a local hard drive in an orphaned, but not deleted, storage file and also on a network hard drive that had been manually backed up. The expert concluded that a native Microsoft windows search of defendants’ computers would have uncovered the email and could be undertaken by an individual with no advanced computer knowledge.

The Court did not find the failure to produce the document to be a deliberate act by defendants, but that the document could have been found with minimal effort. It recognized that plaintiff (and the court) expended additional time and effort and incurred significant additional expenses searching for this document. Therefore, the court shifted half of the cost of the electronic discovery search to defendants.

Texas supreme court says identities of anonymous bloggers should not be disclosed

In re Does, — S.W.3d —, 2011 WL 1447544 (Texas, April 15, 2011)

The issue of anonymity is a hot topic in internet law. The question of whether an internet user known only by an IP address or username or website name should be identified arises fairly often in the early stages of internet defamation and certain copyright infringement cases. For example, the issue is a big one in the numerous copyright cases that have been brought recently against BitTorrent users who get subpoenas after being accused of trading copyrighted works online.

The supreme court of Texas has issued an opinion that protects the anonymity of a couple of bloggers who were accused of defamation, copyright infringement and invasion of privacy by another blogger. The court ordered that a subpoena served on Google (who hosted the Blogger accounts in question) be quashed.

Texas rules of procedure (Rule 202) allow a petitioner to take depositions before a lawsuit is filed in order to investigate a potential claim. The petitioner in this case filed such an action, and Google agreed to turn over the information about the anonymous Blogger users.

But the anonymous bloggers objected, and moved to quash the deposition subpoena, arguing that the findings required for the discovery to be taken had not been made.

The trial court was required to find that:

(1) allowing the petitioner to take the requested depositions may prevent a failure or delay of justice in an anticipated suit; or

(2) the likely benefit of allowing the petitioner to take the requested deposition to investigate a potential claim outweighs the burden or expense of the procedure.

Neither of these findings were made. Petitioner had tried to argue that the findings were not necessary because he had gotten the agreement of Google to turn over the information.

But the court saw how that missed the point. It held that without the required findings, the discovery could not be taken in the face of objections brought by other interested parties (the parties whose identities were at risk of being revealed).

While many courts have evaluated this kind of question using a first amendment analysis (i.e., is the John Doe’s interest in speaking anonymously outweighed by the plaintiff’s right to seek redress), the court in this case looked to more general concerns of avoiding litigation abuse. Citing to a law review article by Professor Hoffman, the court observed that there is “cause for concern about insufficient judicial attention to petitions to take presuit discovery” and that “judges should maintain an active oversight role to ensure that [such discovery is] not misused”.

Court says law firm did not eavesdrop on employee phone calls

Bowden v. Kirkland & Ellis, 2011 WL 1211555 (7th Cir. April 1, 2011)

Two former employees of a law firm sued the firm for violation of the Electronic Communications Privacy Act, 18 USC 2510 et seq. and for violation of the Illinois Eavesdropping Act, 720 ILCS 5/14-2. The district court granted summary judgment in favor of the law firm. The former employees sought review with the Seventh Circuit. On appeal, the court affirmed the grant of summary judgment.

The court held that the former employees’ evidence of eavesdropping raised no more than a “theoretical possibility” of a violation. Even one of the strongest experts in the case triple hedged his testimony, saying the records “could indicate the potential that interception may have occurred.” So the grant of summary judgment was proper.

The plaintiffs had also raised an electronic discovery issue, namely a claim that the law firm spoliated evidence by destroying a server that contained phone records relevant to the case. The court rejected that argument, finding no credible evidence that the destruction was undertaken in bad faith.

Stored Communications Act protects Yahoo email account from subpoena

Chasten v. Franklin, 2010 WL 4065606 (N.D.Cal. October 14, 2010)

Plaintiff sued some corrections officers at the prison where her inmate son was killed. She learned in a deposition that one of the defendants had a Yahoo email account. So she sent a subpoena to Yahoo seeking all the email messages sent from that account during a period of more than two years.

Defendant moved to quash the subpoena, arguing that disclosure of the email messages would violate his rights under the Stored Communications Act (SCA). The court granted the motion to quash.

Subject to certain specifically-enumerated exceptions, the SCA (at 18 U.S.C. 2702(a) and (b)) essentially prohibits providers of electronic communication or remote computing services to the public from knowingly divulging the contents of their customers’ electronic communications or the records relating to their customers. The court found that no such exception applied in this case. Citing to Theofel v. Farey-Jones, it held that compliance with the subpoena would be an invasion of the specific interests that the SCA seeks to protect.

Bipolar disorder no excuse for email hacker

Leor Exploration v. Aguiar, 2010 WL 3782195 (S.D. Fla. September 28, 2010)

Plaintiffs claimed that defendant hacked into one of the plaintiffs’ email accounts during the litigation to get an advantage in the case. The court entered severe sanctions against defendant for doing this — it struck his answer. In litigation, that is like declaring plaintiffs the winners.

Defendant had argued to the magistrate judge that his mental illness (bipolar disorder) caused him to hack plaintiff’s email account out of fear for his security. Defendant even presented expert testimony from a psychiatrist to support the claim that he lacked the mental state to act in bad faith.

In adopting the magistrate’s findings, the district judge found defendant’s psychiatric expert’s testimony unmoving. (Mainly because defendant’s lawyers limited what the expert could say.) So the court relied on other evidence that showed defendant’s bad faith intent in accessing the email. The novel theory of “not guilty of email hacking by reason of insanity” failed in this case.

Emails sent through Yahoo account using work computer protected under attorney-client privilege

The New Jersey supreme court has held that emails an employee sent to her lawyer using her company-issued computer and a personal Yahoo account are protected by the attorney-client privilege.

Stengart v. Loving Care Agency, Inc., — A.2d —, 2010 WL 1189458 (N.J. March 30, 2010)

The New Jersey courts have a reputation of being protective of “informational privacy.” See, e.g., State v. Reid. A recent decision concerning employee privacy in personal emails adds to that reputation.

Plaintiff-employee used a work-issued laptop to access her Yahoo email account, through which she communicated with her lawyer about her lawsuit against the employer. During the discovery phase of that employment discrimination lawsuit, the employer used computer forensics to recover those Yahoo emails that had been copied to the computer’s temporary internet files folder.

Counsel for plaintiff demanded that the employer turn over the recovered emails, arguing that the communications were protected by the attorney-client privilege. When the employer agreed to turn them over but not discontinue use of the information garnered from them, plaintiff sought relief from the court.

The trial court denied relief and plaintiff sought review with the appellate court. That court reversed, and the employer sought review with the state’s supreme court. The supreme court upheld the appellate court’s decision, holding that the employee had a reasonable expectation of privacy in the communications.

The employer relied on a broadly-written company policy through which the employer reserved the right to review and access “all matters on the company’s media systems and services at any time.” But the court rejected those arguments.

Framework for the analysis

The supreme court considered two aspects in its analysis: (1) the adequacy of the notice provided by the company policy, and (2) the important public policy concerns raised by the attorney-client privilege.

As for the adequacy of the notice provided by the policy, the court found that because the policy did not address the use of password-protected personal email accounts, the policy was “not entirely clear.” As for the importance of the attorney-client privilege, the court lavished it with almost-sacred verbal accoutrements, calling it a “venerable privilege . . . enshrined in history and practice.”

“Intrusion upon seclusion” as source for standard

The court noted that the analysis for a reasonable expectation of privacy in dealings between two private parties was a bit different than the analysis in a Fourth Amendment case. The common law source for the standard in this context is with the tort of “intrusion upon seclusion.” Under New Jersey law, that tort is committed when one intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, in a manner that would be highly offensive to a reasonable person. (This language comes from the Restatement (Second) of Torts § 652B.)

In this situation, the court found that plaintiff had both a subjective and objective expectation that the messages would be private. Supporting her subjective belief was the fact that she used a private email account that was password protected, instead of her work email account. And she did not store her password on the computer. Her belief was objectively reasonable given the absence of any discussion about private email accounts in the company policy.

Plaintiff’s expectation of privacy was also bolstered by the fact that the email messages were not illegal, nor would they impact the performance of the employer’s computer system. And they bore all the “hallmarks” of attorney-client communications.

For all these reasons, not the least of which the priority of the courts “to keep private the very type of conversations that took place here,” the court found that the conversations were protected by the attorney-client privilege.