Monday, March 24, 2014

Swinging, Interception and Unauthorized Access

This post examines an opinion a federal judge in Alabama issued in a civil suit:  Michael and Tanya Bruce sued Joshua McDonald, James R. McKoon, Jr., and Melissa B. Thomas and her law firm, asserting interception, disclosure, and use of electronic communications in violation of the Wiretap Act of 1968, as amended, 18 U.S. Code § 2511.”  Bruce v. MacDonald, 2014 WL 931522 (U.S. District Court for the Middle District of Alabama 2014).

In this opinion, the judge is ruling “on the parties various cross-motions for summary judgment”.  Bruce v. MacDonald, supra.  As Wikipedia explains, in U.S. legal practice,

summary judgment can be awarded by the court before trial, effectively holding that no trial will be necessary. Issuance of summary judgment can be based only upon the court's finding that:

  1. there are no disputes of ‘material’ fact requiring a trial to resolve, and
  2. in applying the law to the undisputed facts, one party is clearly entitled to judgment.

A party seeking summary judgment (or making any other motion) is called the `moving party’. A `material fact’ is one which, depending upon what the factfinder believes `really happened,’ could lead to judgment in favor of one party, rather than the other.

Sometimes, as in this case, both sides, i.e., the defendants and the plaintiffs move for summary judgment . . . which is what this judge is ruling on.

According to the judge, this is how the suit arose:

At issue in this case is McDonald's access to three electronic accounts: Mrs. Bruce's individual email account hosted by; second, the joint email account the Bruces shared; and third, a joint account the Bruces shared on a website called `Adult Friend Finder’ (or `AFF’).

McDonald first gained access to Mrs. Bruce's individual Yahoo account. There is some dispute about how, exactly, [he] did so. The record contains evidence that Mrs. Bruce may have logged into her individual account on McDonald's computer and failed to log out; or that McDonald may have observed her enter her password for that account; or that Mrs. Bruce may have given McDonald the login information for that account on one occasion for the limited purpose of printing tickets for a joint activity with their child. In any event, Mr. McDonald has acknowledged he had no permission to read the emails in Mrs. Bruce's individual account, with the possible exception of printing the tickets. . . .

McDonald later also gained access to the joint Yahoo account and the AFF account. He located an email from Mr. Bruce to Mrs. Bruce, in her individual account, which contained their joint AFF login information. He used that information to access private messages in the AFF system (which functions in a similar way as email, but only among AFF users). . . . The record does not clearly indicate how McDonald gained access to the joint Yahoo account. However, that he accessed all three accounts is clear because he printed out hundreds of pages of emails and documents from the three accounts. 

The documents McDonald obtained and printed relate to mostly the Bruces', within their committed relationship, engaging in sexual conduct with other individuals, commonly referred to as `swinging.’ The documents and photos are very sexually explicit. A packet of the documents was anonymously sent to the Alabama Board of Pharmacy and allegedly played a role in adverse action regarding Mrs. Bruce's pharmacist's license. . . . The Bruces believe McDonald sent the packet and also that information about their sexual lifestyle was disclosed to other individuals, including McDonald's co-workers and current wife; the defendants dispute this. It is, however, undisputed that McDonald provided copies of all the documents to his attorney in the child-custody case, Melissa B. Thomas, who is the principal of the Thomas law firm. Thomas, in turn, engaged another attorney, James R. McKoon, Jr., as co-counsel.

The attorneys concluded they could lawfully use that evidence in the custody case. Thomas produced the documents to Mrs. Bruce's counsel in discovery in the state matter. The parties obtained a protective order from the state-court judge governing the use of the documents. Thomas marked and referred to some of the documents as exhibits at Mrs. Bruce's deposition in that case and alluded to the information contained in them in argument to the state judge; she may have also disclosed them to the mediator during the course of mediation. The parties reached a new agreement as to custody. This agreement resulted in increased custody time for McDonald, specific limitations on Mrs. Bruce's sexual activities, and other terms benefitting McDonald.

The Bruces then brought this lawsuit, alleging that McDonald illegally intercepted their electronic communications and that McDonald, McKoon, and Thomas and her law firm illegally disclosed and used those communications. All parties seek summary judgment on all the claims.

Bruce v. MacDonald, supra. 

The judge then outlined the applicable law:

In 1986, Congress amended the Wiretap Act of 1968 to protect electronic communications as well as traditional wire communications (such as telephone calls).As amended by Title I of the Electronic Communications Privacy Act of 1986, Pub.L. No. 99–508, 100 Stat. 1848 (1986), the Wiretap Act now imposes criminal and civil liability on any person who `intentionally intercepts . . . any . . . electronic communication.’ 18 U.S. Code § 2511(1)(a).

The Wiretap Act also imposes liability on any person who `intentionally discloses,’ 18 U.S. Code § 2511(1)(c), or `intentionally uses,’ 18 U.S. Code § 2511(1)(d), the contents of an electronic communication `knowing or having reason to know’ the communication was intercepted in violation the Wiretap Act. Thus, `interception’ is a necessary element for each type of violation.

Bruce v. MacDonald, supra. 

And he explained that the Bruces

have alleged violations of all three sections. In essence, they argue that McDonald `intercepted’ their personal emails and AFF messages by logging into the three accounts without their authorization. The defendants all argue that there has been no interception within the meaning of the Wiretap Act. 

Bruce v. MacDonald, supra. 

As the judge noted, the Wiretap Act

defines `intercept’ broadly, as `the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.’ 18 U.S. Code § 2510(4). However, the [U.S. Court of Appeals for the 11th Circuit] has adopted a `narrow reading’ of `interception’ in the context of electronic communications. U.S. v. Steiger, 318 F.3d 1039, 1050 (11th Cir. 2003).

In Steiger, the appellate court concluded that to constitute an interception, the electronic communications must have been acquired `contemporaneously with their transmission.’ Id. at 1049. See also id. at 1048–49 (`we hold that a contemporaneous interception-i.e., an acquisition during “flight” -- is required to implicate the Wiretap Act with respect to electronic communications’).

Bruce v. MacDonald, supra. 

In the Steiger case, which was a criminal prosecution,

the court rejected a motion to suppress certain documents and information a hacker had obtained without permission from the defendant's computer and subsequently had provided to the police.  Applying the `contemporaneous’ test to those facts, the court found no interception:

 `In this case, there is nothing to suggest that any of the information provided [by the hacker] was obtained through contemporaneous acquisition of electronic communications while in flight. Rather, the evidence shows that the source used a Trojan Horse virus that enabled him to access and download information stored on Steiger's personal computer. This conduct, while possibly tortious, does not constitute an interception of electronic communications in violation of the Wiretap Act.’

Bruce v. MacDonald, supra. 

Here, the Bruces argued that

Steiger is factually distinguishable from the instant case. In this case, they note, McDonald was not accessing files stored on the Bruces' computers, but was repeatedly accessing their web-based email and AFF accounts over an extended period of time. 

Bruce v. MacDonald, supra. 

In making this argument, the Bruces relied on the U.S. Court of Appeals for the 7th Circuit’s decision in U.S. v. Szymuszkiewicz, 622 F.3d 701 (2010).   Bruce v. MacDonald, supra.  In Szymuszkiewicz, the 7th Circuit upheld the defendant’s

conviction under the `interception’ provision of the Wiretap Act for setting up a process whereby the defendant's supervisor's emails were automatically forwarded to the defendant's email account for an extended period of time. The defendant had argued there was no `interception’ because the forwarding happened only after each email arrived in the supervisor's inbox. The court found, first, that the jury could have concluded, as a factual matter, that this was not so; indeed, the evidence indicated that the email server, rather than the supervisor's computer, duplicated each message. But the court went on to find that even if the supervisor's computer did copy each message, that would not change the outcome of the case:

`Either the server in Kansas City or [the supervisor's] computer made copies of the messages for Szymuszkiewicz within a second of each message's arrival and assembly; if both Szymuszkiewicz and [the supervisor] were sitting at their computers at the same time, they would have received each message with no more than an eyeblink in between. That's contemporaneous by any standard.’

Bruce v. MacDonald, supra (quoting U.S. v. Szymuszkiewicz, supra).

The court also noted that the Bruces claimed that because McDonald had access

to the email accounts on a continuous basis, he could have viewed any given message sent or received by those accounts as soon as it hit the inbox (or the sentmail folder). Thus, hypothetically, `if both [Mr. McDonald] and [Mrs. Bruce] were sitting at their computers at the same time, they would have received each message with no more than an eyeblink in between.’  . .

But this argument ignores the critical distinction: in Szymuszkiewicz, the evidence showed each email actually was forwarded to the defendant's account contemporaneously with its transmission. In this case, the Bruces argue that McDonald had access to the accounts and could have accessed some particular email contemporaneously with transmission. But there is no evidence in the record to indicate that he ever actually did so. . . .

Bruce v. MacDonald, supra (emphasis in the original).  

The judge noted that

[t]his is not to say that mere access, without some duplication device, could never amount to interception. If the Bruces could establish that McDonald had actually acquired even one message contemporaneously with its transmission, they might be able to show interception.

That question is not before the court because there is simply no such evidence in this case. `Rather, the evidence indicates that [McDonald] periodically accessed [the] accounts and printed e-mails [and other documents] after they had been delivered.’ Pure Power Boot Camp, 587 F.Supp.2d 548 (U.S. District Court for the Southern District of New York 2008).  That is insufficient to establish an interception.

Bruce v. MacDonald, supra. 

The judge therefore ordered that “summary judgment will be entered in favor of McDonald, AMcKoon, and Thomas and her law firm and against the Bruces.”  Bruce v. MacDonald, supra.  That effectively ends the lawsuit, unless the Bruces appeal the judge’s decision to the 11th Circuit Court of Appeals . . . and win. 

No comments: