DeSoto-Thinking-in-an-iPad-World: Another Pennsylvania Social Media Case—Largent v. Reed, Etc.
A new, Franklin County Court of Common Pleas case, Largent v. Reed, No. 2009-1823 (C.P. Franklin Cty., Nov. 7, 2011) (attested true copy reviewed by author), dealt with social media discovery in Pennsylvania. The 14 page opinion and two page order compelled the plaintiff to turn over the plaintiff’s “Facebook username email” (sic) and password for full access by defense counsel for 21 days. (emphasis added)
While trial courts in Pennsylvania develop a general rule regarding social media discovery in civil cases (and as lawyers come to terms with the reality of this media), this case hints at the potential problems with social media analysis as related to more general issues of online privacy. The danger lies with simplistic conclusions on privacy, perhaps adequate for seemingly resolving specific discovery disputes, being broadened, mis-applied, mis-cited, or mis-characterized as a general view of contemporary privacy.
[Absolutely] No Reasonable Expectation of Privacy
The opinion concludes that a Facebook user has “no reasonable expectation of privacy in material posted on Facebook.” [See *9.] Furthermore, even if a Facebook user properly uses Facebook’s privacy settings, the privacy settings are nevertheless immaterial from a discovery perspective. [See *9.]
Earlier in the opinion, the court sets-up this no-privacy argument—somewhat ironically, by quoting text about Facebook’s privacy policies. [*3–*5] The court appears to view privacy as meaning secrecy. As the court quips, “[o]nly the uninitiated or foolish could believe that Facebook is an online lockbox of secrets.” [*10]
The case follows a trend in Pennsylvania, and elsewhere, regarding discovery of social media content in civil cases. The trend follows a quasi-assumption-of-risk perspective on social media use. Materials posted by users of social media, regardless of claims of content privacy by the social media purveyors, are likely discoverable in a civil suit—especially if
- the person opposing discovery placed the materials subject to the discovery request at-issue in the matter, and
- there is some independent indication that the social media content contains relevant-to-the-issue material (something beyond mere suspicion).
While the discoverability of the material may be consistent with Pennsylvania civil practice, the court’s remedy in this case appears troubling. The court not only ordered production but ordered the plaintiff (who opposed the discovery request)
- to turn over the plaintiff’s user name and password to the defendant,
- to allow the defendant 21 days of complete access to the plaintiff’s entire account, and
- to prohibit any deletion of materials in the account by the plaintiff.
Applying eDiscovery Proportionality
The troubling degree of access suggests, for other practitioners, that voluntary delivery of truly responsive materials may provide strategic protection for the client—rather than wholesale refusal to produce and a resulting remedy of wholesale access. Simple lessons in proportionality by all sides in the discovery dispute may go a long way to avoid draconian remedies such as complete access. That is, parties should not simply ask for complete access as a matter of course (resulting in push-back opposition due to the excessive breadth of the request) but should target requests. Likewise, parties should not wholesale refuse to produce (resulting in push-back for direct access). The lesson: proportionality.
Commentary—The Troubling Nature of the Sweeping, No-Privacy Viewpoints
Unfortunately, the facts in this case make for poor law. Foremost, the plaintiffs placed their health condition at issue and then opposed discovery of Facebook materials that were purportedly related to the health condition of one of the plaintiffs (and apparently with adequate, corroborating indications that such materials existed). [See *2–*3, *8.] Thus, as is consistent with other social-media-related cases, one placing an item at issue in a case cannot complain about relevant discovery requests intended to defend against the claim.
Nevertheless, the emerging trend by courts when concluding that no privacy exists in social media (from a civil discovery perspective) raises a formidable challenge to Internet users in general—especially since so-called social media increasingly incorporates formerly diverse technologies such as messaging, file sharing, and email. [See *9 n.10] The no-privacy perspective, while an easy route in a discovery context, avoids the more nuanced assessment of contemporary expectations of privacy. My fear is that these apparent “easy” solutions in a discovery context may lead to troubling consequences by extension.
Looking Forward By Looking Back
Social media stands as a contemporary analog to the earlier rise of telegraph, telephone, and cell phone usage. That is, in each of these categories, one actually discloses material to an intermediary, third party—courts use the disclosure as the “hook” to then ignore the expectations of privacy. However, courts have plainly found that such “disclosures” in prior contexts do not unconditionally waive all expectations of privacy. See, e.g., Katz v. United States, 389 U.S. 347 (1967). The same might be said of emergent social media—is it really true that one maintains absolutely no expectation of privacy (by inference, an objective expectation) in any content posted to a social media account? Or for that matter, anything “posted” to “the Internet?” [See *9 n.10 (apparently cited for the proposition that there is no expectation of privacy in any opened email message).] The latter illustrates my concern with “extending” the purported no-privacy-in-social-media. The subtle subtext is that nothing on the Internet is private.
Trying to apply such DeSoto-thinking-in-an-iPad-world naturally generates dissonance. Privacy, in an ever-connected and increasingly life-recorded world (whether we like it or not), appears to be fundamentally changing and at a hyper-accelerated pace.
Unfortunately, cases like this one—where the simplistic analysis probably was adequate—may be mis-used, mis-applied, or mis-cited to avoid a more nuanced and complex analysis of privacy because a contemporary definition of privacy defies simple analysis. Granted, in this case, the outcome may be correct given (1) Pennsylvania’s broad discovery rules, (2) adequate indication that materials exist on the Facebook account, and (3) the fact that the opponent of the discovery request placed the very issues subject to the discovery request at-issue. However, generalized, sweeping, and simplistic conclusions on privacy may act as a troubling substitute for real discussion about contemporary privacy.
Privacy Does Exist Even in an Electronic World
Indeed, in the same month as this opinion (but after the court issued the opinion), Facebook settled a Federal Trade Commission (FTC) complaint lodged against Facebook for allegedly misleading Facebook users about privacy. See, e.g., FTC Press release, FTC Facebook Settles FTC Charges That It Deceived Consumers By Failing To Keep Privacy Promises, http://ftc.gov/opa/2011/11/privacysettlement.shtm, Federal Trade Commission Complaint, 0923184 http://www.ftc.gov/os/caselist/0923184/111129facebookcmpt.pdf and Michael Liedtke, “Facebook makes privacy pledge in FTC settlement: Agency says social network often misled users about sanctity of their info,” MSNBC.COM (Nov. 29, 2011), http://www.msnbc.msn.com/id/45479659/ns/technology_and_science-security/#.TtVmCvKwWg5. Thus, concluding that “[o]nly the uninitiated or foolish” believe that Facebook is private (and then effectively tasking Facebook users with the assumption of risk) misses fundamental issues:
- statutory law plainly shows there is an expectation of privacy in many electronic communications (see below);
- not everyone is familiar with computer technologies (even if they use them) to competently understand what is happening to their data or to justify a draconian assumption-of-risk;
- not everyone is in a position to evaluate the legal implications of statements by a third party who actively maintains that material is private (when it is not); and
- the social media technologies constantly change, social media providers alter policies sometimes without the knowledge of users, and social media technologies are complex (ironically, even this opinion recognizes Facebook’s privacy policies as “detailed [and] ever-changing” [*4]).
Again, my fear is that the analysis here is slowly becoming a general rule in Pennsylvania in one context but may lead to disturbing results by extension or mis-application.[FN1]
Time Overdue for Real Statutory Action
The point is: we need to seriously re-assess, not in legal cases but as a society, what privacy means. Courts rotely applying DeSoto-thinking-in-an-iPad-world to specific cases simply cannot (and perhaps should not) perform the complex analyses necessary to shape contemporary privacy. And while a simplistic analysis might address the matter at hand, these simplistic analyses unfortunately become fodder for mis-application or extension.
For example, the Stored Communications Act, 18 USC 2510, 2701, et seq., (SCA) bears mention here. (I purposefully gloss over a technical discussion of the SCA issues raised in this case [FN2] because of the complexity of those issues warranting separate treatment.) The 1986 SCA, the Pennsylvania analog in the Stored Wire and Electronic Communications and Transactional Records Access Act, 18 Pa. C.S. 5741, et seq., and similar statutory protections are long overdue for extensive revision or replacement. Remember, the 1986 Act arose in the era of Commodore 64s, Radio Shack TRS-80s, Compuserve, Delphi, GEnie, BBSs, and Apple IIes. Importantly, the 1986 Act thus arose well before ubiquitous personal computer use, the World Wide Web, wide-spread use of email, extensive Internet use, Wi-FI, extremely powerful computers, ubiquitous broadband connectivity, powerful mobile computing devices, and staggering data storage capacity (floppy disk capacities in 1986 were in the 150k range and cassette tape drives were still in use for data storage!). Thus, considering today’s radically changed environment, up-to-date privacy legislation (and revisiting constitutional provisions) addressing contemporary (and future) privacy issues presses.
Conclusion: The Right Tool for the Right Issue
My fear is not only the consequences of purported no-privacy in civil cases but also the general extension of no-privacy as interpreted by the courts to society. That is, the social-media-discovery-in-civil-cases issues do not exist in a vacuum. Rather, the discovery issues reflect a society wrestling with the intersection of common-place technologies and justifiable expectations of privacy (based on traditional and new mores).
Foremost, we need to get over the view that “this is new” and thus will “take time” to work out. These technologies (and behaviors arising based on the technologies) are here today; the consequences are real (assumption of risk); the inconsistencies are real (e.g., see the FTC action mentioned above and the SCA); the need for prompt and knowledgeable action is real. Until resolved, kludged views of privacy (or the apparent lack thereof) threaten.
Interestingly, NPR recently ran a piece related to this issue. See http://www.npr.org/2011/11/30/142714568/interpreting-the-constitution-in-the-digital-era. The piece also concludes that privacy issues, such as raised above, need to be handled by legislative action.
Largent v. Reed, No. 2009-1823 (C.P. Franklin Cty. Nov. 7, 2011) (attested true copy reviewed by author).
FN1— Lawyers should especially note this opinion. Tucked in a footnote [*9 n.10] is a seemingly innocuous statement related to “privacy” that potentially has profound implications for lawyers (a perspective that I have previously commented upon in a similar context). Footnote 10 cites United States v. Lifshitz, 369 F.3d 173, 190 (2d Cir 2004), for the proposition that “[Computer users have no reasonable] expectation of privacy in transmissions over the Internet or e-mail that have already arrived at the recipient.” Compare to Pennsylvania Informal Opinion 97-130 (Sept. 26, 1997), ABA Formal Opinion No. 99-413 (Mar. 10, 1999), and ABA Formal Opinion 11-459 (Aug. 4, 2011). See my concern? (I am working on an article on this very point.)
FN2—I gloss over the discussion of the Stored Communications Act (and strangely not briefed or not cited in the opinion, the Pennsylvania analog) due to the complexity of these statutes (issues far beyond this article). Nevertheless, the SCA does inform on situations such as this case. But interestingly, the court dispensed with the SCA claims in this case by concluding that the plaintiff was not a protected entity per the SCA. [*10–12] In my opinion, this seriously conflates significant parts of an SCA analysis. Furthermore, the court circumvents the SCA issue by ordering direct access to the Facebook user’s account by the defendant for up to 21 days (in apparent conflict with Facebook’s Terms of Service).
Original Posting: 2011-11-30
Minor Update: 2011-12-06
Addendum Update: 2011-12-07
Minor Textual Update: 2011-12-30
Original News of the Case Citation
Ben Present, No Reasonable Expectation of Privacy on Facebook, Pa. Judge Says, The Legal Intelligencer (Nov. 23, 2011), available at http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202533320095&No_Reasonable_Expectation_of_Privacy_on_Facebook_Pa_Judge_Says=&et=editorial&bu=LTN&cn=LTN_20111123&src=EMC-Email&pt=Law%20Technology%20News&kw=No%20Reasonable%20Expectation%20of%20Privacy%20on%20Facebook%2C%20Pa.%20Judge%20Says
Pennsylvania Social Media Case—Largent v. Reed