- eLessons Learned
- Press and Publicity
- About Our Team
- Contact eLL Blog
Employers should take note: erasing and taping over messages that relate to a fired employee is never a good idea. Employers who engage in this type of practice will never escape the wrath of a judge when the fired employee inevitably brings a wrongful termination. Eventually, such action catches up with the defending company and they will have to pay a steep price. Take, for instance, the case Novick v. AXA Network, LLC. The plaintiff was asking the judge for sanctions to be imposed on the defendants because he claimed that the defendants spoliated audio recordings and emails from an eight-week stretch, which ran from late August until early November 2006. The defendants admitted that recordings from this time period were likely erased and taped over. The problem here is that this stretch of time covers the time directly before and directly after Novick’s termination. It should seem obvious to anyone that a company’s failing to preserve any recordings regarding a former employee’s termination is a terrible idea and will likely hurt one’s case in court. It should instead be common sense that when an employee is terminated, and certainly when that termination is contentious, a lawsuit is foreseeable. Thus, the employer should take care to preserve anything that might come into play at trial. Novick asked the judge to sanction the defendants for the spoliation of emails. The defendants could not produce any emails between the two employees at AXA Network, who took over Novick’s accounts, and Novick’s former clients. If these employees were involved with Novick’s clients after Novick was fired, it is only logical that there would have been emails taking place between these employees and those clients! Nevertheless, the defendants could not produce a single e-mail. Sanctions can be imposed on a party for spoliation in violation of a court order under Rule 37(b) of the Federal Rules of Civil Procedure or, where there has been no violation of a court order, a judge can impose sanctions for spoliation under the court’s “inherent power to control litigation.” West v. Goodyear Tire & Rubber Co., 167 F.3d 776, 779 (2d Cir. 1999) (emphasis added). For the court to exercise its inherent power, there must have been a showing of bad faith. United States v. Int’l Bhd. of Teamsters, 948 F.2d 1338, 1345 (2d Cir. 1991). The Novick court in this case found that the defendants did spoliate the audio recordings because they were notified in October 2006 to preserve the recordings for future litigation and to produce those recordings to the plaintiff. In addition, the defendants provided no reason for why or how these recordings were missing. Unsurprisingly, the court suggested that such behavior indicates that the company acted deliberately and therefore possessed a culpable state of mind. The defendants acted in bad faith. The court did not find that the defendants spoliated the email messages, but it still believes they acted in bad faith with respect to the production of the emails because the company failed to search one of their email archives for months due to what was claimed as “human error.” This was clearly a delay tactic, further warranting sanctions. The court invoked its inherent power to control litigation because the defendants acted in bad faith, employed delay tactics, caused substantial costs to be incurred by the plaintiff, and wasted the court’s time. The court imposed an adverse inference jury instruction. Adverse inference instructions can be imposed against a party who had an obligation to preserve evidence at the time it was destroyed, who destroyed the evidence with a culpable state of mind, and who destroyed evidence that was relevant to the opposing party’s claim or defense. Residential Funding Corp. v. DeGeorge Fin. Corp., 306 F.3d 99, 107 (2d Cir. 2002). The clear takeaway from this case is that it is better to be safe than sorry; if it is reasonable that a lawsuit may be brought against you, take all measures to preserve any evidence that might have anything to do with that future case. Preserving the evidence will not hurt, but failing to do so will. Logan Teisch received his B.A. in Government and Politics from the University of Maryland, College Park in 2012. He is now a student at Seton Hall University School of Law (Class of 2015), focusing his studies in the area of criminal law. Logan’s prior experiences include interning with the Honorable Verna G. Leath in Essex County Superior Court as well as interning with the Essex County Prosecutor’s Office. Want to read more articles like this? Sign up for our post notification newsletter, here.
Companies issue laptops to their employees to be used for business purposes both in the office and at home. A company’s distributing laptops is joined with the company’s responsibility to preserve the electronically stored information (ESI) when litigation is reasonably anticipated. Every company has its own “ordinary business protocol” to be used in relation to these laptops when a situation requires it, but sometimes these protocols lead to bigger issues. In Hawley v. Mphasis Corp., the United States District Court for the Southern District of New York granted an adverse inference instruction regarding a supervisor’s laptop, but not for the employee laptop. In Hawley, an employee of the defendant company brought an employment discrimination claim and moved for sanctions against the defendant for alleged discovery violations; those of which, in particular, were violations regarding spoliation of information on two company laptops. The employee alleged that the company deleted all information from his work laptop, as well as his supervisor’s information, and did not produce records vital to the defendant’s case. The company countered, arguing that clearing the hard drive of a former employee’s laptop was the business protocol. In evaluating the request for an adverse inference sanction, the district court explained that the plaintiff must demonstrate: “(1) that the party having control over the evidence had an obligation to preserve it at the time it was destroyed; (2) that the records were destroyed with a culpable state of mind; and (3) that the destroyed evidence was relevant to the party’s claim or defense such that a reasonable trier of fact could find that it would support that claim or defense.” Hawley v. Mphasis Corp., No. 12 Civ. 592 (DAB) (JLC), 2014 WL 3610946, at *7 (S.D.N.Y. July 22, 2014) (quoting Residential Funding Corp. v. DeGeorge Fin. Corp., 306 F.3d 99, 107 (2d Cir. 2002)). As to the supervisor’s computer, the court held for an adverse inference sanction because the company had a duty to preserve the supervisor’s data from the time of the EEOC filing. Furthermore, the company negligently destroyed the records on the laptop , which were found to be highly relevant to the employee’s case. In regards to the employee’s computer, the court found both a duty and the requisite culpability; however, the court did not believe that the employee sufficiently proved how relevant the information was to his case. The lesson to extract from this case is that the courts do not care if your company’s protocol requires one procedure to be followed (i.e., wiping a hard drive) when it comes to the spoliation of relevant evidence. The company’s wiping the hard drives is trumped by a duty to preserve data when a lawsuit is reasonably anticipated. The ruling in Hawley demonstrates that, in an employment case, the receipt of an EEOC charge triggers the obligation to preserve all data, but it could arise earlier depending on the circumstances. Be aware of when a lawsuit is reasonably anticipated and do not hesitate to act and preserve. Such awareness will help your company in the long run. With that, be on top of the individuals responsible for preserving company data and ensure those individuals are complying with company policy. One does not want to need a hard drive that has no data saved on it. Evidence must be preserved until litigation is resolved or no longer reasonably anticipated, and as courts become stricter with this rule of law, so should every company. A look at the circumstances and a possible deviation from ordinary protocols may be needed. For more information on the case used as precedent, Residential Funding Corp. v. DeGeorge Fin. Corp., click here: http://caselaw.findlaw.com/us-2nd-circuit/1003010.html. Amanda is a third year student at Seton Hall University School of Law, where she is pursuing a J.D. with a certificate in Health Law. Prior to law school, she was a 2011 magna cum laude graduate of Seton Hall University, where she earned Bachelor of Arts in Political Science and a minor in Philosophy. Presently, she is a law clerk at a small firm handling real estate and bankruptcy matters. After graduation this native New Yorker hopes to work at a mid-sized firm in the Big Apple. Want to read more articles like this? Sign up for our post notification newsletter, here.
In a case dealing with gender discrimination between female employees and a large advertising conglomerate, the plaintiffs filed claims against the defendants under Title VII of the Family and Medical Leave Act, the Equal Pay Act, the Fair Labor Standards Act, and similar New York labor laws. After the plaintiffs objectioned to the defendants’ use of computer-assisted review and search method, United States Magistrate Judge Andrew J. Peck opined that computer-assisted review is an acceptable search method for relevant ESI in appropriate cases. Throughout his opinion, Judge Peck referred to articles and public statements he had made prior to the case on his beliefs of the value of computer-assisted review. Judge Peck explains his interactions with the two parties involved started at the first discovery conference, which took place on December 11, 2011. While, both parties had discussed ESI protocol, the plaintiffs were reluctant to accept the defendant’s utilization of predictive coding to gather the relevant documents among the three million electronic documents from the agreed-upon custodians. In a later discovery conference, the court refuted the defendants’ proposal to cutoff production at the most relevant 40,000 documents due to expense, explaining that proportionality must consider cost and results in gathering the most likely highly responsive documents. The court went on to agree with the defendants on other factors concerning document production and custodians due to the fact that the plaintiffs could not give meaningful reasons for the inclusion of other custodians and emails or assert a likelihood that the information could be found through other reasonable discovery procedures. On February 8, 2012, after going through the main issues that were holding up the discovery process, Judge Peck acknowledged that the defendants agreed to provide the plaintiffs with all seed documents and protocol in determining relevant ESI throughout the computer-assisted review process. With that knowledge, Judge Peck accepted the proposal that defendants submitted to the plaintiffs and the court for producing relevant ESI, and acknowledged that computer-assisted review was an efficient and officially judicially approved method for ESI protocol and production when given the appropriate case. On February 8, 2012, the plaintiffs filed an objection to the court’s ruling.
Facts of the Case The employee in this case was not some floozy with limited knowledge of how the world works. Rather, he was a veteran sergeant of the Ontario, California, police force and a member of its S.W.A.T. team. In 2001, the Ontario Police Department (OPD) issued alpha-numeric pagers to his team in order to facilitate communications between members, which, as you can imagine, would be extremely useful in the field and efficient at the office. OPD then put in place a “Computer Usage, Internet and E–Mail Policy” which the employee signed a statement that said he had read and understood the policy. It expressly reserved the right to monitor all of the network activity, which included e-mail and Internet use. Additionally, the policy said that there should be no expectation of privacy when using the network. The problem was that the computer policy did not cover text messaging, at least expressly, since the pagers were contracted out to a company called Arch Wireless. Therefore, all communication passed through their network, and a copy of all communications was retained on their servers after delivery. However, the OPD made it clear to all of its employees, in a meeting that the employee attended, that the messages sent on the pagers were to be treated as e-mails, meaning that they were subject to the same computer policy. As it turned out, the employee exceeded his monthly text character allotment, almost immediately, and for a period of a few months. He paid for those overages, but the OPD decided that enough was enough. The police chief launched an investigation, ostensibly in order to determine whether the employees were being forced to pay out of pocket for overages on work-related messages due to an overly-restrictive character limit, or if the messages were personal. Transcripts of the messages from the previous 2 months were obtained, and revealed material that was personal, and some sexually explicit, in nature. The employee was then disciplined. Claims by the Employee The employee essentially brought two claims: 1) that the OPD violated the Stored Communications Act (SCA) and 2) his Fourth Amendment privacy rights, by obtaining and reviewing the transcripts of the messages. The first claims was not before the Supreme Court on its merits, since the lower court decided that Arch Wireless was forbidden to turn over the transcripts, and this was not contested. However, the Fourth Amendment claim was alive and well. As with most Fourth Amendment claims, the crux of the issue is whether there is a reasonable expectation of privacy that was violated. The Fourth Amendment guarantees the right of people to secure against unreasonable searches and seizures by the government of their stuff. This has been applied to the government acting as an employer as well. The analysis of such claims, however, was the subject of dispute among the Supreme Court justices in a case called O’Connor v. Ortega. In that case, the plurality opinion of the Court said that the question of whether an employee has a reasonable expectation of privacy is to be decided on a case-by-case basis. If there is an expectation of privacy, is an intrusion on that reasonable under the circumstances. Justice Scalia said that there is a blanket expectation of privacy for government employees, but the employers can search to retrieve work-related materials, etc. Here, the Court expressly punted the issue of whether there was, or is, an expectation of privacy for communications made on electronic equipment owned by a government employer. The Court cited the difficulty in predicting how the expectation of privacy will be shaped by the rapid changes in the dynamics of communication and information transmission. Instead, the Court cautioned “prudence” to avoid deciding this important issue, and instead decided the case without it. The Court stated that even if the employee had a reasonable expectation of privacy in his messages, and therefore protected by the Fourth Amendment, the “search” done by OPD didn’t necessarily violate it. The “special needs” of the workplace were said to be an exception to the rule that all warrantless searches are automatically unreasonable. There was a reasonable ground for assuming that the search was necessary for a work-related purpose, not just to invade the employee’s privacy. Rather, their interest was to ensure the employees were not paying out of pocket for work-related expenses. Therefore the review of the transcripts was reasonable. Also, the employee should not have expected that his messages were going to remain private under all circumstances, since he was told that the messages were subject to auditing. Additionally, the scope of the search was reasonable as well, since it did not reveal the details of the employee’s life, since the private messages in the search sample were redacted. Ultimately, the sergeant should have known better than to air his dirty laundry on a government-issued communications device. Although the Court avoided deciding whether there is an expectation of privacy, they made it pretty clear that if there was a well-distributed policy, and if the review of the messages is ostensibly for work-related issues, that such a “search” will be permissible. Akiva Shepard received his J.D. from Seton Hall University School of Law in 2014. Akiva has worked for a New York State Supreme Court Judge in Kings County and for a NJ real estate firm.
On July 31, 1996, plaintiff Omega Engineering Corp. ("Omega"), a New Jersey based company, lost its computer programs relating to design and production permanently from its system. Omega manufactured “highly specialized and sophisticated industrial process measurement devices and control equipment” for NASA and the United States Navy. The deletion of these programs debilitated their ability for manufacturing as well as costed the company millions of dollars in contracts and sales. From 1985 to July 10, 1996, defendant Timothy Lloyd worked as the computer system administrator at Omega. He trained with the Novell computer network and installed it to Omega’s computer system. The program worked to ensure that all of Omega’s documents could be kept on a central file server. Lloyd was the only Omega employee to maintain the Novell client and have “top-level security access” to it; however, the defense asserted that others at the company had access. According to a government expert, access "means that ... [an] account has full access to everything on the server." Lloyd was also the only employee in charge of backing up the information to the server. In 1994 or 1995, Lloyd became difficult. The company moved him laterally in hopes of improving his behavior. A government witness testified that even though it was a lateral move, it was in fact, considered a demotion by the company. Lloyd’s new supervisor asked him about the back-up system and wanted him to loop a couple more people in but he never did. Moreover, he instituted a company-wide policy that employees were no longer allowed to make personal backups of their files. On top of the above issues, there was also a “substandard performance review and raise.” The combination of the two factors, according to the government, showed Lloyd that his employment with the company would soon be terminated. This established Lloyd’s motive to sabotage the Omega computer system. On July 10, 1006, Lloyd was terminated. On July 31, 1996, Omega’s file server would not start up. On July 31, “Lloyd told a third party, that "everybody's job at Omega is in jeopardy.” days later it was realized that all of the information contained on it were permanently lost. More than 1,200 of Omega’s programs were deleted and, as per Lloyd’s policy, none of the employees had their own personal backups. There was no way for any of these programs to be recovered. A search warrant conducted on Lloyd’s house turned up some backup tapes and a file server master hard drive. Experts hired by Omega found that the deletion of information was “intentional and only someone with supervisory-level access to the network could have accomplished such a feat.” The commands necessary to pull off such a purge were characterized as a “time bomb” set to go off on July 31st when an employee logged into the system. There was evidence found by these experts of Lloyd testing these specific commands three different times. This string of commands was further found on the hard drive that was in Lloyd’s home. Lloyd was convicted of a federal count of computer sabotage. It was remanded due to a jury member’s claimed use of outside knowledge during deliberations. Julie received her J.D. from Seton Hall University School of Law in 2014. Prior to law school, she was a 2008 magna cum laude graduate of Syracuse University, where she earned a B.A. in History and a minor in Religion and Society. After law school, Julie will serve as a law clerk to a judge of the Superior Court of New Jersey.
Background Omega Engineering Corporation, an international company based in New Jersey, was once the employer of Timothy Lloyd. To put Omega’s importance into perspective, the U.S. Navy and NASA were two of their clients for highly specialized and sophisticated industrial process measurement devices. According to testimony during the trial, Lloyd worked at Omega as its sole system administrator from 1985 through 1996. In 1995, Lloyd had undergone Novell network training and installed Novell software on Omega’s computer system. Additionally, Lloyd was the only person who maintained and had top-level access to the Omega network. Between 1994 and 1995, Lloyd became belligerent and increasingly truculent. Due to his poor interpersonal skills, he was demoted in May 1995 from manufacturing to support engineer. A woman who had once been Lloyd’s subordinate and had engaged in a romantic relationship with Lloyd, was the individual responsible for replacing Lloyd as manufacturing supervisor. In June 1996, Lloyd instituted a policy to “clean up” all of the individual computers in Omega’s manufacturing department. It was unclear as to why Lloyd was implementing company policies after his demotion. Nonetheless, the policy required employees to save their files to the company’s file server and prohibited them from making their own backups. Lloyd’s manager became suspicious of this policy and requested from Lloyd access to the file server. Lloyd never complied. By the end of June, upper management had enough of Lloyd’s behavior and terminated him in early July 1996. On July 31, Omega’s file server would not boot up. All of Omega’s manufacturing programs on the server, which contained instructions for operating the machines, were gone. Multiple computer experts were brought in to recover the files, but to no avail. The files had not only been deleted, but also had been “purged,” meaning that they were rendered unrecoverable. A leading expert on Novell networking testified at trial that this could only have been done intentionally and by someone with supervisory-level access. The government’s theory included that on July 30, anyone who would log on to the server at any time after that date would “detonate” a program installed by Lloyd that would destroy the information on the Omega file server. The government’s theory was bolstered by the fact that the Secret Service recovered missing Omega backup tapes that had been reformatted as well as a master hard drive from the file server. This had the same string of commands that had functioned as the time bomb program found on the Omega file server. The Decision Ultimately, Lloyd was found guilty of computer sabotage. The jury had deliberated for over twelve hours over the span of three days and had requested testimony in the jury room before they reached their verdict. However, three days after the verdict, one juror said that she had seen on the news, during the trial, about a computer virus called the Philippine “love bug” which allowed the perpetrator to cause great harm by flooding the victim computers and causing them to crash. Whether this affected her decision is unclear; however, the defendant claimed that his 6th Amendment rights had been violated. The district court agreed, granting a new trial. On review, the Court of Appeals reversed the district court’s holding. After a lengthy discussion, the court said that there were significant dissimilarities between the “love bug” and the “time bomb” and most jurors would not confuse the two. Therefore, the appellate court found, the defendant was not prejudiced. Lloyd’s managers should never have allowed a single employee hold as much power as they did. This case highlights the vulnerabilities the company subjects itself to if that is allowed to happen. For example, Omega lost over 1,200 programs and many current and potential clients as well. Akiva Shepard received his J.D. from Seton Hall University School of Law in 2014. Akiva has worked for a New York State Supreme Court Judge in Kings County, and for a NJ real estate firm.
In Haskins v. First Am. Title Ins. Co., the court was asked whether a title insurance company (the "Insurer") is in "control" of documents that are in not in the Insurer's possession, but where the Insurer has the contractual right to direct those with possession to produce the documents. The district court found in the affirmative, demonstrating that in some circumstances, the more extensive one's contractual rights, the more extensive its obligations in discovery. The plaintiffs sought class certification, which defined the class as all New Jersey consumers who paid premiums in excess of regulated title insurance refinance rates during the class period. The plaintiffs alleged that the Insurer had overcharged for title insurance over a period of several years. During discovery, plaintiffs sought certain documents in the possession of certain independent title agents, who were not employees of the Insurer, but with whom the Insurer had a contractual relationship. The representative contracts made all documents "available for inspection and examination by [the Insurer] at any reasonable time." The court inquired as to whether such documents are in the "control" of the Insurer, because pursuant to Fed. R. Civ. P. 34(a), a party may request another party to produce documents within that party's "possession, custody, or control." Thus, if such documents were in the "control" of the Insurer, the plaintiffs could properly request that they be produced in discovery. The Insurer argued that it should not be required to produce documents in the physical possession of its agents because it does not possess or control the requested documents. However, the court did not struggle to conclude that the Insurer's agency contracts plainly indicate that it has control over and access to the documents. It drew this conclusion based on the premise that there is control if a party “has the legal right or ability to obtain the documents from another source upon demand.” Haskins demonstrates the potential for increased discovery obligations for those that have negotiated extensive rights in contract. That is, the greater rights in contract, the potential for broader obligations in discovery. While this factor may not drive the decision making for those negotiating contracts, contract parties should at least be aware of this consequence Adam L. Peterson 2014 graduate of Seton Hall University School of Law. While at Seton Hall, Adam was a member of the Seton Hall Law Review and prior to law school Adam was an Environmental Analyst with the New York State Department of Environmental Conservation.
Richard Fraser was an independent contractor working for Nationwide Mutual Insurance Company when he was fired in 1998. Although Fraser argued that he was fired for reporting illegal policies that Nationwide had implemented, Nationwide stated he was fired because he was disloyal to the company. Nationwide found that plaintiff had drafted (but not sent) two letters to two Nationwide competitors, Erie Insurance Company and Zurich American Insurance, expressing Contractors Association members' dissatisfaction with Nationwide and seeking to determine whether Erie and Zurich would be interested in acquiring the policyholders of the agents in the Contractors Association. After discovering the letters, Nationwide also searched its mail file server and found e-mails revealing company trade secrets. Fraser filed a wrongful termination suit against Nationwide, arguing that Nationwide’s accessing Fraser’s e-mail account without permission violated the Electronic Communication Privacy Act and a parallel Pennsylvania statute. The trial court granted Nationwide’s motion for summary judgment and Fraser appealed. The Third Circuit Court of Appeals affirmed the trial court’s ruling that Nationwide had access to the independent contractor’s emails. Nationwide was found to not have violated the ECPA because Nationwide had provided the independent contractor with the e-mail account, the e-mail was hosted on Nationwide’s servers, and the e-mails were acquired after transmission of the e-mails. Therefore, the court held that the e-mails were not intercepted by Nationwide. Title 1 of the ECPA prohibits the interception of e-mails, but Nationwide argued that since the e-mails were reviewed after the transmission of the e-mail, that no interception had occurred. The court agreed and found that for one to intercept e-mail, he must occur contemporaneously, at the time of the transmission. Therefore, as long as the seizure of e-mail occurs after the e-mail is transmitted, a company does not need permission to access the independent contractor’s e-mails. Salim received his B.A. in Applied Communications, with a minor in Legal Studies, from Monmouth University. He received his J.D. from Seton Hall University School of Law in 2014. Salim’s past experiences include interning for a personal injury law firm prior to attending law school, as well as judicial internships in the Civil and Family Divisions.
In this case, Peerless Industries, Inc. sued defendants Crimson AV, LLC claiming patent infringement and design patent infringement arising out of defendant’s manufacture and sale of certain TV mounts. While not a defending party, Sycamore Manufacturing Co., Ltd. (“Sycamore”) is plaintiff's former supplier of these TV mounts and played a vital role in the alleged infringement. Sycamore is located in China, while Peerless and Crimson are both located in the United States. Plaintiffs filed two motions: (1) a motion to compel the deposition of the Sycamore’s president, Tony Jin, and (2) a renewed motion for sanctions, both of which were granted. It was also determined in a previous case that Jin exercised managerial control over both Sycamore and Crimson. Therefore, plaintiff satisfied that Mr. Jin is a managing agent of Crimson. The court stated, “Plaintiff must simply show ‘that there is at least a close question as to whether the witness is a managing agent.’ We already found this to be the case. Furthermore, Mr. Jin clearly satisfies the ‘paramount test,’ which is whether the individual identifies with the corporation's interests as opposed to an adversary's.” The court further ordered that without any showing of hardship, Jin’s deposition would have to take place in the United States and not in China. As for the plaintiff’s renewed motion for sanctions, this motion marked the third time the plaintiff filed a motion regarding the same set of documents. The plaintiff argued that at the deposition of Crimson’s managing director, “it became clear that defendant did not conduct a reasonable investigation regarding Sycamore’s document production or Sycamore’s document retention for purposes of this litigation.” The plaintiff then filed a renewed motion for sanctions. The defendant and Sycamore asserted that certain documents in Sycamore’s possession had been produced. The plaintiff noted, that defendants did not represent that all requested documents were produced or that they were searched for but no longer existed. The plaintiff argued that the defendant wanted to rely on the same declarations as opposed to issuing more specific responses. The court stated that since it had determined Jin was principal of both Crimson and Sycamore and that he exercised a considerable amount of control over both corporations, that he was able to obtain all relevant documents from Sycamore. However, the court found that defendant took a “back seat” approach and instead used a third-party vendor to collect the documents. Finding that neither Crimson nor Jin had apart in the process of obtaining the requested discovery, the court granted the plaintiff’s motion for sanctions. The court held that this “hands-off’ approach is insufficient. “Defendants cannot place the burden of compliance on an outside vendor and have no knowledge, or claim no control, over the process. Finally, the court held that defendants must show that they in fact searched for the requested documents and, if those documents no longer exist or cannot be located, they must specifically verify that it is they who cannot produce. Salim received his B.A. in Applied Communications, with a minor in Legal Studies, from Monmouth University. He received his J.D. from Seton Hall University School of Law in 2014. Salim’s past experiences include interning for a personal injury law firm prior to attending law school, as well as judicial internships in the Civil and Family Divisions. Currently, Salim is taking part in the Immigrants’ Rights/International Human Rights Clinic at Seton Hall Law.
This Article was originally published with Bloomberg Law Reports on November 9, 2011. The Internet has afforded anyone, anywhere, a wealth of information at one's fingertips. Within the current and everexpanding age of technology, Brazilian- and U.S.-based courts continue to draw legal boundaries within a seemingly boundless cyberspace. The boundlessness of the Internet, and its related technologies, transcends geographical limits and poses worldwide issues of regulation. One such technology, which has caught the attention of businesses and resulted in significant legal battles, is "scraping" - a computer software technique that extracts publicly available information from websites. While in and of itself, "scraping" may not be unlawful, courts in Brazil and the U.S. have begun to carve out permissible and impermissible uses of this technology. Brazilian Scraping Lawsuit A recent court opinion of first impression in Sao Paulo, Brazil, gives newfound meaning to ownership rights of information available on the Internet. The Brazilian court's opinion in Curriculum Tecnologia Ltda. v. Catho Online S/C Ltda., et al, examines claims of unfair competition and violation of copyright rules, as applicable to the Internet. The plaintiff, Curriculum Tecnologia Ltda. ("Curriculum"), and defendant, Catho Online S/C Ltda. ("Catho"), are employment recruitment companies, operating solely through the Internet. Thousands of individuals seeking employment use the services of these companies by posting their resumes on the respective websites. In turn, employers seeking to hire review thousands of potential candidates to fill their open positions. In fact, Curriculum is the largest employment website in Brazil, providing a meeting place for over 6 million registered applicants and 100 thousand user companies. These services allow for a faster and easier connection to the open job market. In February 2002, developers at Curriculum noticed an unusual increase in activity on their company's website. While, generally, Curriculum's customers search approximately 500 resumes per day on its website, developers became suspicious when one particular user registered over 63,000 searches in one day. Upon further investigation, Curriculum technicians blocked the particular account and tracked its origin back to a computer at Catho, the defendant competitor. As a result of its investigation and findings, Curriculum filed suit against Catho alleging various business-related claims. As the lawsuit proceeded in the normal course, fact gathering efforts revealed flagrant and deceptive practices by Catho to illegally, in violation of Brazilian law, acquire information from Curriculum's website. In short, Catho developed a program that enabled it to copy ell mass Curriculum's website information database through which it could access resumes from Curriculum's website. Once Catho gained access to the resume information, it used it for its own commercial purposes. The purpose behind Catho's efforts was to increase its own potential employee base in order to offer a wider range to online employment recruiters. Catho acquired hundreds of thousands of resumes from its competitors through the use of these and related methods. Indeed, Curriculum was not the only competitor to bring suit against Catho for these practices, as several other victims of this Internet hacking scheme brought separate actions against Catho. To appreciate the breach of security and the value of the acquired information, one must understand the function of the employment recruitment market in Brazil within which these parties operate. Both parties operate primarily as online employment search engines. Individuals who seek employment and employers who seek skilled individuals, use the services of these recruitment companies by paying fees which permit the posting of resumes and job advertisements, allowing for searches of both to be performed. These web-based services offer various levels of fee-based access to these postings and search capabilities, which in turn generate revenue for these companies. Curriculum's website provides its users with instructions and several menus that allow them to browse its webpage efficiently and effectively. Curriculum does not provide every user with access to its resume bank. Instead, the website uses filters that permit only certain clientele with particular fee-based account settings to access this information. Catho used hacking programs to breach these security devices, allowing unauthorized access to resumes on Curriculum's website, spurring the lawsuit. Specifically, the programs developed by Catho allowed it to take advantage of security flaws in Curriculum's website, and gain access to the entire proprietary database - thereby transferring tens of thousands of resumes in a single clandestine night of debauchery. After plaintiff filed suit, the parties set forth arguments before the Brazilian court in support of their respective positions. Curriculum argued it had a property ownership interest in the data, and therefore Catho engaged in unfair competition and unauthorized copying of Curriculum's information. Catho argued that the information was public, access to the website was open and unrestricted, and therefore the information was not afforded legal protection. In sustaining a lower court's previous finding of damages.judge Luiz Mario Galbetti of 33 Civil Court of Sao Paulo found that Catho engaged in unfair competition by breaching Curriculum's internal computer systems and illegally acquiring thousands of resumes posted therein. The court held that the transmission and expansion of Catho's own database through this illegal acquisition served to increase its market visibility with direct effects on the profits obtained by Catho. Relying on notions of unfair enrichment, abuse of rights, and unpredictability, the court awarded damages in the amount of R$21,828,250.00 (in Brazilian Real). In calculating damages, the court considered the amount charged by Catho per month for posting a resume on its website, R$50.00, multiplied by the 436,595 resumes it illegally acquired. With interest and additional penalties this R$21,828,250.00 resulted in an award of R$63 million in damages, or approximately $42 Million USD. U.S. Scraping Lawsuits Similarly, U.S.-based courts have addressed the legal boundaries of extracting information from public websites. In EF Cultural Travel v. Zefer Corp., 318 F.3d 58 (1st Cir.2003), the U.S. Court of Appeals for the First Circuit issued a preliminary injunction pursuant to the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. 1030, to prohibit the use of a “scraper” software program that defendants used to collect pricing information from the plaintiff/competitor’s website. Zefer Corp. (“Zefer”) sought review of the injunction, implemented in a prior hearing with co-defendant Explorica, Inc. (“Explorica”). See EF Cultural Travel BV v. Explorica, Inc., 274 F.3d 577 (1st Cir. 2001). EF and Explorica are competitors in the student travel business, operating websites that permit their respective visitors to explore various vacation packages. To gain a competitive edge, Explorica hired Zefer to build a program that would allow Explorica to “scrape” the prices from EF’s website and download them into an Excel spreadsheet. After accessing EF’s vacation package pricing, Explorica tailored its own costs, purposefully undercutting EF on an average of 5%. EF stumbled upon the “scraping” scheme as a result of discovery in an unrelated, state court lawsuit involving Explorica. As a result, EF filed suit in federal court, seeking an injunction on the grounds that the “scraping” violated both federal copyright laws and various provisions of the CFAA. The underlying issue in the case was whether the use of the scraper program exceeded “authorized access,” in violation of federal law. The relevant CFAA provision examined by the court provides: Whoever. . . knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such useisnotmorethan$5,000inany1-yearperiod. . .shall be punished as provided in subsection (c) of this section. While the CFAA defines “exceeds authorized access” as “to access a computer without authorization and to use such access to obtain or alter information in the computer that the accesseer is not entitled so to obtain or alter,” the court in EF Cultural Travel provided analysis of the term “authorization.” The trial court held that authorization could be determined both explicitly, for example through a direct statement restricting access, or implicitly. In defining the implicit prong, the trial court relied upon a “reasonable expectations” test. Even though the appeals court agreed that authorization can be both explicit and implicit, it rejected application of the reasonable expectations test used by the trial court. Instead, the appeals court determined that “public website provider[s] can easily spell out explicitly what is forbidden and consonantly, that nothing justifies putting users at the mercy of a highly imprecise, litigation-spawning standard like ‘reasonable expectations.’” As a result, the appeals court determined that a clear manifestation of the company’s intent that no information be collected from its website was necessary in order to show “lack of authorization,” such as an explicit statement on the webpage restricting access. Or, to put it more bluntly, “[i]f EF wants to ban scrapers, let it say so on the webpage or a link clearly marked as containing restrictions.” Nonetheless, this federal appeals court decision did not eliminate the concept of implicit authorization, as it may suffice in other circumstances. However, the decision highlighted that a plaintiff must demonstrate unambiguously that authorization was prohibited. The EF Cultural Travel decision promulgates the theory that the right to control access implicates a right to prevent or obtain legal remedies for any unauthorized access. As demonstrated in EF Cultural Travel, authorization may be established both implicitly and explicitly. Another method of disclosing a lack of authorization may be through the creation of technological barriers, such as encryption of particular information. Under this regime, after the initial encounter, a third party must either obtain permission or take unusual steps to circumvent the technological barrier. Lastly, database owners may also establish use authorization conditions through contractual terms. Whatever the means of establishing authorization, or the lack thereof, it is apparent that a reasonable effort to protect is a precondition to maintaining this legal right. It is recognized, however, that the mere posting of information on a public domain, such as the Internet, does not in and of itself extinguish a protectable right to that information. This presumption is also echoed in case law analyzing the misappropriation of trade secrets. For example, in Barnett, Inc. v. Shidler, 338 F.3d 1125 (10th Cir. 2003), the court examined whether former employees misappropriated a trade secret by implementing the Infant Swimming Research program (“ISR”), which was designed by plaintiff as a scientific, behavioral approach to pediatric drowning prevention. In finding the ISR program was not a trade secret, the trial court noted “[plaintiff ] allowed its program to become part of the public domain before seeking protection...,” referring to various published books explaining the ISR method. In reversing this finding, the appeals court highlighted the decision in Rivendell Forest Prods., Ltd. v. Georgia-Pacific Corp., 28 F.3d 1042, 1045 (10th Cir.1994) in which the court found that “a trade secret can exist in combination of characteristics, each of which, considered separately, is in the public domain, but, taken together, may yield a competitive advantage that results in a protectable trade secret,” solidifying the argument that information may be a trade secret notwithstanding the fact that some of its components are well known. See also Syncsort v. Innovative Routines, No. 04-CV-03623, 2011 BL 213594 (D.N.J. Aug. 18, 2011) (federal district court of New Jersey examining the existence of a trade secret in light of its brief publishing on the internet). While case law involving scraping requires some form of notification as to non-authorization, this line of reasoning quashes any argument that information posted on the Internet should not enjoy legal protection simply because of its public nature. A court must determine the underlying intent of the scraper because the legality of extracting data from a website often centers on the underlying intent in copying. The copying of information for any purpose deemed a “fair use” may therefore not be actionable. As evidenced by both EF Cultural Travel and Curriculum, this key element is what often implicates legal remedies. Lessons Learned Easy access to information afforded by the Internet has created a global culture that often accepts the free use (and abuse) of information. This often results in blurred lines between public and private property, especially for those who conduct business through the Internet. Therefore, unless a database is composed of content independently entitled to protection, for example through copyright or trade secret law, database owners must rely upon a patchwork of available legal remedies. Database owners may seek protection under unfair trade statutes or under common law theories such as misappropriation. Contractual restrictions also offer protection, but such a remedy requires privity of contract. Moreover, while a claim for trespass may also be a feasible option, most courts require a showing of actual injury. Lastly, and certainly not exclusively, protection under the CFAA may be warranted. While each option has its own nuances, courts are setting down the foundation of protection in response to the legalities of the Internet age. Therefore, while the potential remedies available to database owners under U.S. law tend to be narrow, it is no doubt only the beginning. Regardless of the underlying legal principal asserted against an illegal scraper, liability attaches on a case by case basis depending upon the type of access obtained by the scraper, the amount of information accessed and copied, the degree to which the access adversely affects the Web site owner’s system and the types and manner of prohibitions on such conduct. The significant monetary award issued by the São Paulo court underscores the value that information has to a company and its survival. The decision also serves as a warning to billions of Internet users globally, as the calculation of damages serves not only to punish the wrongdoer but also to deter the illegal activity in and of itself. These decisions evidence a fairly new attempt by courts to address the legal issues posed by the Internet. While the approach is not yet uniform, there are obvious efforts by courts to protect proprietary information on the Internet from uses that are detrimental to the owners of such sites. Fernando M. Pinguelo, a Partner at Norris, McLaughlin & Marcus, P.A. and co-Chair of the Response to Electronic Discovery & Information Group at the firm, is a U.S.-based trial lawyer who devotes his practice to complex business lawsuits with an emphasis on how technology impacts lawsuits. Mr. Pinguelo founded and contributes to the ABA Journal award-winning blog, eLessons Learned – Where Law, Technology, & Human Error Collide (www. eLLblog.com). To learn more about Mr. Pinguelo, visit www. NYLocalLaw.com or email him at info@NYLocalLaw.com. Renato Opice Blum, CEO of Opice Blum Advogados Associados in São Paulo, Brazil, is a Brazil-based attorney and economist, who established one of the first leading technology-based law firms. Mr. Blum is the Coordinator of the MBA course in Information Technology Law at São Paulo State Law School and a distinguished professor at Fundação Getúlio Vargas, among other universities. Mr. Blum is co-author of the book, Internet and Electronic Law. To learn more about Mr. Blum, visit http://www.opiceblum.com.br/ lang-en/01_profissionais_dadosRes.php?ID_CUREQUIPE=138578 or email him at firstname.lastname@example.org. Kristen M. Welsh is a U.S.-based litigation Associate at Schiffman, Abraham, Kaufman & Ritter, P.C. and focuses her practice on business and employment law matters. Ms. Welsh may be reached at KWelsh@sakr-law.com. . This rule of thumb is also applied in cases analyzing the misappropriation of trade secrets. See Barnett, Inc. v. Shidler, 338 F.3d 1125 (10th Cir. 2003). . Various fair uses have been identified by the court. See Nautical Solutions Mktg., Inc. v. Boats.com, Copy. L. Rep. (CCH) ¶28, 815 (M.D. Fla. 2004) (holding that “momentary copying of open . . . public Web pages in order to extract yacht listings facts unprotected by copyright law constitutes a fair use.”); Ticketmaster Corp. v. Tickets.com, Inc., No. 09-CV-07654 (C.D. Cal. Mar. 7, 2003) (“Taking the temporary copy of the electronic information [from the Ticketmaster.com website database] for the limited purpose of extracting unprotected public facts leads to the conclusion that the temporary use of the electronic signals was ‘fair use’ and not actionable.”); see also Assessment Technologies, LLC v. WIREdata, Inc., 350 F.3d 640 (7th Cir. 2003).