« Former Employee's 'Email Barrage' Does Not Support CAN-SPAM or Computer Fraud and Abuse Act Claims -- Nyack Hosp. v. Moran | Main | My RapLeaf Profile is Amusingly Mistaken. This is What the Fuss is All About? »
October 24, 2010
Court Orders Disclosure of Facebook and MySpace Passwords in Personal Injury Case -- McMillen v. Hummingbird Speedway
[Post by Venkat]
McMillen v. Hummingbird Speedway, Inc., et al., Case No. 113-2010 CD (Pa. Ct. of Common Pleas) (Sept. 9, 2010)
There have been several recent cases dealing with discovery of social networking evidence in a civil dispute. A central issue in the background of all these cases is that an opponent is typically entitled to relevant information from the other side's social networking profiles, but turning over the entire profile wholesale may not adequately protect the privacy interests of the party whose information is turned over. One court in Pennsylvania didn't bother grappling with this dispute, and went to the extreme. The court didn't just order relevant portions of the profiles turned over, it granted defendant's discovery request seeking the plaintiff's passwords (i.e., ordered the plaintiff to turn over his passwords to the defendant).
Background: The basic facts should sound familiar by now. Plaintiff suffers personal injury (in this case he was rear-ended during a "cool down lap" following a stock car race at the defendant's track). Following the injury and the lawsuit, plaintiff posts material about his recreational activities (in this case a fishing trip and attendance at the Daytona 500 race). Defendant seeks full discovery of plaintiff's social networking sites to look for evidence which discredits plaintiff's claim that plaintiff is unable to enjoy life as a result of the injury.
Here, rather than asking the plaintiff to turn over the content of the profiles or relevant information in the profiles, counsel for defendant actually asked plaintiff for the login names and passwords for any of plaintiff's social networking accounts.
The court's ruling: The court looks to whether the information is privileged under Pennsylvania law. The court starts off from a skeptical point, noting that no "social network site privilege" had been adopted by the legislature or appeals courts. The court is reluctant to recognize a new privilege but nevertheless looks at the test for when a privilege applies. After walking through the four factor test that a party seeking to assert a privilege must satisfy, the court focuses on confidentiality, which is one of the four elements. With respect to confidentiality of communications, the court cites to the Facebook and MySpace terms of service which (according to the court) make clear to users that there should be no expectation of confidentiality in anything that is posted to (or sent through) Facebook or MySpace. The court additionally thinks that the social nature of the sites make any expectation of confidentiality on the users' part unrealistic:
Facebook, MySpace, and their ilk are social network computer sites people utilize to connect with friends and meet new people. That is, in fact, their purpose, and they do not bill themselves as anything else. Thus, while it is conceivable that a person could use them as forums to divulge and seek advice on personal and private matters, it would be unrealistic to expect that such disclosures would be considered confidential.
This, along with several provisions of the Facebook and MySpace terms lead the court to reject the privilege. The court also applies Wigmore's test for when it is appropriate to recognize a privilege, and comes to the same conclusion:
no person choosing MySpace or Facebook as a communication forum could reasonably expect that his communications would remain confidential, as both sites clearly express the possibility of disclosure. Confidentiality is not essential to maintain the relationships between and among social network users, either. The relationships to be fostered through those media are basic friendships, not attorney-client, physician-patient, or psychologist-patient types of relationships, and while one may expect that his or her friend will hold certain information in confidence, the maintenance of one's friendships typically does not depend on confidentiality. [emphasis added]
This seems like a pretty untenable conclusion, for a variety of reasons.
For starters, the court totally glosses over the relevance analysis. There is no way that all of the information in the plaintiff's social networking site can be relevant to the dispute, and the court's decision grants defendant access to both relevant and irrelevant information. There's also information that is likely to be private or sensitive and which may subject the plaintiff to embarrassment. State evidence rules likely protect against disclosure of this type of information, or at least place limitations on the use of this information, and the court's order doesn't take this into account at all.
The court's read on Facebook and MySpace's ability to disclose or access the content of profiles also seems off. As mentioned in Crispin v. Audigier, these sites make available private messaging functionality that is similar to email. Several courts have concluded private messages sent through social networking sites are protected from disclosure by the Stored Communications Act. The court's decision here contains no discussion of this, and disclosure may even violate the Stored Communications Act. Although these companies make private messaging and email services available, this should not cause them to be viewed as a third party "in whose presence" the communication is made. (Accepting the court's view would mean that communications made through Google, Yahoo, and every other ISP or email provider would not be confidential and could never be protected by any privilege.)
There's also the issue that disclosure of the passwords may provide defendant access to plaintiff's other accounts (such as his account with Amazon or his bank account), given that people use the same password among multiple sites. The password also allows the defendant to post as the plaintiff, to edit the plaintiff's profile, use or download apps, change privacy settings (etc.). I would guess there's some implied obligation on the part of the defendant (or its counsel) to not misuse the password, but the court did not even bother spelling out that the defendant had to maintain the password as confidential or not use it for any of these purposes.
One hopes that the court takes a second look at this and changes course (or that the decision will be reversed on appeal), because it certainly seems like there are some key issues that the court did not take into account. Interestingly, I don't think Facebook weighed in on this (it may not have had notice). It should weigh in.
Takeaways for litigants: One big takeaway for litigants is that anything posted to social networking sites is fair game, among other reasons, because courts may not appreciate the nuances between truly private messages and public posts. There are gradations of private information, and Facebook itself says that it gives users the tools to control how private or public they want their messages to be. (The private user group posts from the Finkel v. Facebook case is a good example of information that's sort of in-between.) In any event, courts don't always seem sensitive to the nuances here, and as a result, information that a user reasonably thought was private may end up being disclosed in litigation. The prudent course is to not post information on (or even send information through) a social network that you don't want to disclose to the world at large.
Takeaways for lawyers: A possible takeaway for lawyers as well. As new modes of communication emerge, and lawyers start to embrace these methods of communication, there's a question of whether lawyers should worry about things like confidentiality or attorney/client privilege for these types of communications. The obvious concerns are the social networks themselves, third parties, and communication snafus, but this case illustrates that courts may not always get it right when it comes to these communications. Lawyers probably would be wise to adopt a policy of not engaging in confidential or privileged communications with clients via social networking sites (at a minimum, until courts reach clarity on issues such as the one presented in this case).
(h/t K&L Gates's Electronic Discovery Law)
"Judge Offers to Facebook 'Friend' Witnesses in Order to Resolve Discovery Dispute -- Barnes v. CUS Nashville"
"Deleted Facebook and MySpace Posts Are Discoverable--Romano v. Steelcase"
"Facebook Messages/Wall Posts, Civil Discovery, and the Stored Communications Act -- Crispin v. Audigier"