Facebook Messages/Wall Posts, Civil Discovery, and the Stored Communications Act — Crispin v. Audigier

[Post by Venkat]

Crispin v. Audigier, Case No. CV 09-09509 MMM (JEMx) (May 26, 2010)

With the proliferation of the use of social network profile evidence, it was only a matter of time before a court dealt with the issue of whether you can subpoena someone’s Facebook page in a civil lawsuit. A judge in the Central District of California looks at the issue in Crispin v. Audigier [scribd].

Facts: Crispin sued Audigier, alleging that Crispin granted Audigier an oral license to use some of Crispin’s works of art in connection with the manufacture of garments by Audigier. Crispin alleged that Audigier (1) failed to include Crispin’s logo on the garments; (2) wrongly attributed Crispin’s work to another artist; and (3) wrongly sublicensed Crispin’s copyrighted material without permission. Crispin brought a variety of claims, including copyright infringement claims. Audigier subpoenaed third party businesses, including Media Temple, Facebook, and MySpace, seeking communications between Crispin and a tattoo artist (those communications which referenced or related to Audigier). [If I were the judge, I would have said this was awfully close to fishing expedition territory.]

14 days after Audigier served the subpoenas, Crispin moved to quash the subpoenas. [Facebook, MySpace, and Media Temple did not appear or file pleadings.] The magistrate judge found that the Stored Communications Act did not apply, and in any event only precluded voluntary disclosure (and did not apply to compelled disclosure pursuant to a civil subpoena). Finally, the magistrate judge found that the SCA only prohibited disclosure of communications held “in storage,” which wasn’t the type of information covered by the subpoena.

The Court’s Ruling: The court largely reverses Magistrate Judge McDermott’s ruling in an order that contains a lengthy discussion on the applicability of the Stored Communications Act to Facebook and MySpace profiles, wall posts, and messages. I can’t tell if this case breaks any new ground (or whether the case gets it right), but given the growing importance of social networking evidence, I thought it was worth mentioning. (This post by David Johnson provides a good, basic overview of the issues at play: “Employer Access of Employee Digital Communications and Federal Wiretap Laws: It’s Easier to Be Found Immune if the Communications Reside on Your Servers.”)

A summary of the court’s order:

1. The Stored Communications Act (passed in 1986) is woefully out of date, and was “enacted before the advent of the [web] and before introduction of the web browser . . . ” In those days, “few could afford to spend hours casually exploring . . . [the internet] . . . .”

2. A third party whose information is sought by this type of a subpoena has “standing to move to quash a subpoena seeking personal information protected by the SCA.”

3. 18 U.S.C. sec. 2703(e) does not permit disclosure pursuant to a civil subpoena.

4. Do not, under any circumstances, cite to Wikipedia as a source for a key factual issue (the court drops a footnote citing to Badasa v. Mukasey (“Respondent is admonished from using Wikipedia as an authority in this District again. Wikipedia is not a reliable source at this level of discourse.”)). [emphasis added]

5. Facebook, Media Temple, and MySpace provide “private messaging or email services . . . such services can constitute [‘electronic communications services’] . . . .” Case law looking to the treatment of private BBS services is helpful. Public BBS services are not entitled to protection under the SCA.

7. The privacy settings of services such as Facebook affect the outcome:

[since] Facebook permits wall messages to ‘be viewed by anyone with access to the users profile page‘. . . there is no basis for distinguishing between a restricted-access BBS and a user’s Facebook wall or Myspace comments. There similarly is no basis for distinguishing between Media Temple’s webmail and Facebook’s and MySpace’s private messaging, on the one hand, and traditional web-based email on the other. As a consequence, the court concludes that each of Media Temple, Facebook, and MySpace is an ECS provider.

8. That Facebook, MySpace and Media Temple are ECS providers doesn’t end the analysis. “The court must also determine whether the information sought by the subpoenas . . . constitute ‘electronic storage’ within the meaning of the statute.”

9. Citing to the City of Detroit text messaging decision (Flagg v. City of Detroit) the court notes that “an ECS provider [becomes] an RCS [remote computing service] provider after a communication has been read and stored.” It seems factually unclear (but legally relevant) as to whether the services provide storage or backup/archival services.

10. Unlike the “messages,” the “Facebook wall and MySpace comments present a distinct and more difficult question”:

in the context of a social-networking site such as Facebook or MySpace, there is no temporary, intermediate step for wall postings or comments. Unlike an email, there is no step whereby a Facebook wall posting must be opened, at which point it is deemed delivered. Thus a Facebook wall posting or a MySpace comment is not protectable as a form of temporary, intermediate storage.

The court concludes that “the postings, once made, are stored for backup purposes . . . Facebook and MySpace are ECS providers as respects wall postings and comments. . . .”

11. In the alternative, the court holds that Facebook and MySpace are RCS providers with respect to the wall postings and comments.

End Result: the court quashes the portions of the Facebook and MySpace subpoenas that sought “private messaging,” and remands for further development of the record on the wall postings and comments.

__

It’s a pretty dense order that is worth reading, if nothing, to get a sense of the complexity of the issues that arise in this context, and the lay of the land as far as case law.

From a practical standpoint, obtaining Facebook messages and private profile information in a civil lawsuit seems fairly tricky (although judging from media reports, people must do it all the time). Assuming you can’t get access to some or all of this information through a subpoena, one option is to get the party (whose records are sought) to sign a consent or waiver. This has the downside of giving the party seeking the information access to all of the witness’s information, including irrelevant, privileged, or other information that should remain private. As best as I know, Facebook doesn’t perform e-discovery services on the side – you can’t provide Facebook a set of search parameters and get Facebook to produce information that falls under those parameters. (Here’s a good post on the topic, with references and suggestions: [pdf] “Obtaining Records From Facebook, LinkedIn, Google and Other Social Networking Websites and Internet Service Providers.”)

Another interesting aspect of the dispute is that Facebook didn’t appear or file any pleadings. I assume Facebook has a blanket policy objecting to these types of subpoenas, but maybe timing was an issue here? In contrast, Facebook recently successfully quashed a subpoena issued to it in another civil case (Barnes v. CUS Nashville, LLC, No. 3:09-0764 (M.D. Tenn.) (May 27, 2010)). There, the magistrate judge concluded that “the SCA prohibit[ed] the disclosure of [the sought after] information in response to a subpoena” [citing Flagg v. City of Detroit].

Finally, the court looks to the effect of privacy settings for Facebook pages. I wonder if the ability of Facebook friends to “share” postings affects the outcome? How about Facebook’s constantly changing privacy policy and settings?

In any event, parties (employers, and even lawyers) should tread carefully here. See, e.g., Theofel v. Farey-Jones and Hillstone Restaurant Group v. Pietrylo.