- eLessons Learned
- Press and Publicity
- About Our Team
- Contact eLL Blog
On March 10, 20108, Marc Liebeskind began working at Rutgers Facilities Business Administration Department. By March 28 of that year, Liebeskind was terminated for lacking the basic skill set needed to perform his job in addition to having a poor attitude while on the job. Liebeskind’s supervisors had suspected he was spending an unreasonable amount of time on non-work related activities on his work computer. Having doubts about Liebeskind’s work performance, his supervisors reviewed the browsing history on Liebeskind’s computer by using an application called IEHistoryView. It is important to note that this search only entailed browsing history, and there is no evidence that Liebeskind’s supervisors were granted any access to his personal or password-protected information and accounts. After his termination, Liebeskind filed suit against Rutgers University and his supervisors, claiming invasion of privacy, among other claims. On appeal, the New Jersey Superior Court Appellate Division affirmed the lower court’s ruling, which ruling struck down all claims that Liebeskind’s privacy was violated as a result of his supervisors’ investigating the browser history on his computer. The appellate court referenced the New Jersey Supreme Court’s Stengart ruling, which had set the precedent for an employer’s right to monitor employee Internet activity and usage. Closely followed in previous eLessons Learned posts, the 2010 Stengart ruling held that an employee’s email communication with her attorney, using a company-issued computer, but via a personal, password-protected email account was held to be protected by the attorney-client privilege. However, the court’s decision to uphold Stengart’s privacy was not intended to forbid employers from monitoring employees’ actions on company-issued computers or devices in the future. In Stengart, New Jersey’s highest court stated: “Companies can adopt lawful policies relating to computer use to protect the assets, reputation, and productivity of a business and to ensure compliance with legitimate corporate policies.” As noted in Liebeskind, Rutgers’ “Acceptable Use Policy for Computing and Information Technology Resources” was in effect during the time of Liebeskind’s employment. This policy expressly stated that an employee’s privacy “may be superseded by the University’s requirement to protect the integrity of information technology resources, the rights of all users and the property of the University.” Additionally, Rutgers University “[r]eserve[d] the right to examine material stored on or transmitted through its facilities.” Unlike the findings in Stengart, the court established that Liebeskind did not have a “reasonable expectation of privacy.” In addition, the court agreed that Rutgers had a “legitimate interest in monitoring and regulating plaintiff’s workplace computer.” All companies can learn from this case and the policies in place at Rutgers that protected its right to monitor and search an employee’s computer. One of the most important lessons to be learned here is the need for a written internet usage policy. At the very least, these written policies should mandate that employees are expected to use the Internet and their work issued computers for work related activities only. Additionally, the possible disciplinary actions for any violation of this policy should be made available to employees. As seen in in this case, the existence of an internet usage policy and the reserved right of a company to monitor its employee’s Internet activity is the key to eliminate an employee’s reasonable expectation of privacy.
We all have personal social media pages. No matter who you are, you likely have an online presence in the form of a profile on one of the many sites available on the Internet. One who simply forgets about a newly created social profile can be the subject of worldwide scrutiny—the page is available for all to see. Who cares, right? Most likely, you will not have anything important on there. However, what happens when you are facing a criminal charge and the prosecution uses your social media profile in order to prove your guilt? Meet Aliaksandr Zhyltsou, a Ukrainian native living his life in Brooklyn, New York. All was well until Zhyltsou allegedly furnished Vladyslav Timku with a forged birth certificate, which claimed that Timku was the father of a baby daughter. Timku, as a cooperating witness for the government, admitted that he had sought the forged birth certificate in order to skirt his responsibility to military service in his native Ukraine. During the trail, Timku offered testimony that Zhyltsou had sent him the forged document from the gmail account “firstname.lastname@example.org.” However, the prosecution was unable to offer any other evidence other than Timku’s testimony that tied Zhyltsou to this e-mail address. Therefore, more evidence was necessary in order to corroborate Timku’s claim. Special Agent Cline, from the State Department’s Diplomatic Security Service, provided the prosecution with the link between the e-mail address and the VK.com profile (the Russian equivalent of Facebook). Cline asserted that this profile on VK belonged to the defendant and was linked to the very same gmail account used to send the forged document to Timku. To prosecutors, it seemed like a slam-dunk: here was the evidence needed to corroborate Timku’s testimony and sufficiently tie Zhyltsou to the Gmail account in question. Everything seemed in order; the profile contained a picture of the defendant, his work experience, and most importantly the “azmadeuz” Gmail account. Furthermore, the district court agreed that this was the Zhyltsou’s profile page and therefore the prosecution could use it as evidence to establish the link between the defendant and the gmail account. However, one pesky evidence rule could ruin it all in an instant, Federal Rule 901. Simply, Federal Rule 901 requires that in order to “authenticate or identify” a piece of evidence, a proponent asserting any form of evidence “must produce evidence sufficient to support a finding that the evidence is what the proponent claims it is.” Therefore, in the instant case, the prosecution had the duty to prove that this VK profile page belonged to Zhyltsou alone and was not created by any other person. However, in his haste to provide this vital piece of evidence, the prosecutor failed to adhere to this rule and the case was ultimately overturned on appeal. This case is a prime example of the need for all lawyers to have a firm understanding of electronic discovery. While it may be easy to access social media profiles and the like in order to obtain evidence against an opponent, that is only part of the process. It must be proven that the profile actually belongs to your opponent before you may use it against them as evidence in a court of law. In today’s world, it is not difficult to create fake profiles on such sites and therefore the court was correct in overturning this ruling. However, it is not outside of the realm of possibility that the prosecution could have tied Zhyltsou to this VK profile, it would have simply taken a little more digging and investigative work. A.S. Mitchell received his B.A. in Political Science from the University of Central Florida (2008). He will receive his J.D. from Seton Hall University School of Law in 2015. Presently, A.S. clerks for the Monmouth County Office of the Public Defender. Want to read more articles like this? Sign up for our post notification newsletter, here.
Philips and Hunt may have been debating the ownership of the tagline “Sense and Simplicity,” but it seems the U.S. District Court for the District of New Jersey was more interested in exploring the sense and simplicity of Rule 26 of the Federal Rules of Civil Procedure when it handed down the ruling in Koninklijke Philips N.V. v. Hunt Control Systems. After noting that Rule 26 permits a broad scope of permissible discovery, Magistrate Judge James B. Clark, III held that a responding party need not use every tool in their toolbox in order to comply with a Fed.R.Civ.P. 30(b)(6) deposition request. In his memorandum opinion, Judge Clark held that an alternative approach to ESI collection, as requested by Hunt, was burdensome and likely to be unproductive. The collection was such a burden, in fact, that Judge Clark granted Philips’ motion for a protective order against further such requests. Hunt had previously interviewed “a Philips IT/ESI discovery professional” regarding Philips’ ESI practices. Months later, Hunt noticed a deposition for an IT witness claiming that Philips’ responses for eight questions were not adequately answered by the interviewee. Philips objected to the deposition request and petitioned the court for a protective order. Hunt argued that the IT deposition was necessary in order to discover whether Philips was using appropriate search tools for the ESI discovery requests. Hunt’s argument was supported by an IT professional who opined that Philips’ “cloud-based IT structure” and Philips’ “sophisticated and comprehensive state-of-the-art document search and location tools” meant that Philips was obligated to use a particular method to accommodate Hunt’s electronic discovery requests. Hunt further argued that the deposition did not create an undue burden on Philips so as to outweigh the likely benefits. In seeking a protective order, Philips counters that the provided answers were accurate and that Philips has consistently used “a custodian-based approach to collecting ESI” and thus, shouldn’t be required to employ alternative approaches at the request of Hunt. The court agreed with Philips, citing three individual reasons. First, the Court found that Hunt failed to carry its burden of showing that Philips’ production has been materially deficient. Significantly, Judge Clark wrote that just because Hunt was dissatisfied with the result of Philips’ production, such dissatisfaction was “not enough to reopen the door to the collection of ESI discovery under an entirely different method.” Because Philips’ responses were true and accurate, there was “no compelling reason” to force Philips to use Hunt’s preferred method of production. Second, the court held that even if an alternative approach to ESI collection was more appropriate than Philips’ “custodian-based” search, Hunt still failed to produce evidence showing that conducting another search under their preferred methods would substantially alter the results Philips already produced. Again, Judge Clark takes the opportunity to emphasize that employing multiple methods of production would be “duplicative” and “an inefficient use of time and resources.” Third, and most importantly for future cases involving these circumstances, Judge Clark wrote that it was not Hunt’s requested deposition that caused an undue burden on Philips, but rather “the possibility of opening the door to more (and likely unproductive) discovery with no apparent end in sight.” Putting a stern period on the end of a judicial statement, Judge Clark concluded by noting that the proposed deposition contained only a “marginal benefit” to Hunt that is “heavily outweighed” by the “tremendous burden” to Philips. Judge Clark made it clear (and seemingly warned future litigators) that the court will not entertain duplicative and seemingly petty disputes over the method of e-discovery production, so long as the information produced is not “materially deficient.” In light of this decision, parties requesting discovery would be wise to make their requests as specific as possible in the first instance, including a specified or desired approach to collecting ESI. Such specificity (accompanied with reasonability) may result in more beneficial discovery as well as preventing the scorn of wasted judicial time. Nicole was a 2010 magna cum laude graduate of Northeastern University located in Boston, Massachusetts, where she earned her B.A. in English and Political Science. In 2015, Nicole will receive her J.D. from Seton Hall University School of Law. After graduation, Nicole will serve as a clerk to a trial judge of the Superior Court of New Jersey in the Morris-Sussex Vicinage.
A pyrrhic victory is defined by winning an early battle but eventually losing the war because of the costs and expenses of that earlier battle. Everyone has heard the phase, “you may have won this battle but I will win the war.” Victory in life, business, and litigation is achieved by obtaining a favorable outcome in the end, and not defined by winning an early battle over discovery where you exhaust resources by attempting to try to obstruct your opponent. Individuals who fail to comply and purposely try to hide or destroy a document can trigger serious legal consequences and significantly hurt their chances for long term success in the litigation. In Klipsch Group, Inc. v. Big Box Store Ltd., Klipsch Group, Inc. sued Big Box Store (“BBS”) for the spoliation of relevant documents as well as other discovery misdeeds. Klipsch commenced a lawsuit against BBS for infringement of their trademark on a particular headphone in 2012. BBS conceded that they sold some counterfeit headphones but claimed that the sales were innocent and yielded almost no profit. Klipsch’s main claim against BBS is that they failed to hold or preserve relevant documents pertaining to the pending lawsuit when they became aware of the litigation in August 2012 (a requirement by law). Every litigant has an obligation to take reasonable measures to preserve all potentially relevant documents once it has noticed that a lawsuit has been filed. Specifically, that obligation may arise even prior to litigation being formally filed if "the party 'should have known that the evidence may be relevant to future litigation.'" MASTR Adjustable Rate Mortgages Trust 2006-OA2 v. UBS Real Estate Secs., Inc., 295 F.R.D. 77, 82 (S.D.N.Y. 2013) (quoting Kronisch v. United States, 150 F.3d 112, 126 (2d Cir. 1998)). Here, BBS should have known about the possibility of future litigations since they were knowingly infringing onto Klipsch’s patent by selling counterfeit headphones. Klipsch suspected that BBS’ actions warranted, at a minimum, a forensic investigation into their company for documents that could reveal if a larger quantity of counterfeit headphones were sold. Klipsch, correctly believed, that based on the information they received through discovery it seemed that large quantities of documents (emails, transactional documents, sales reports) were missing or altered. This belief was verified during subsequent depositions of BBS employees. The depositions revealed that BBS employees produced contradicting stories than the information revealed in discovery. In deciding Klipsch Group, Inc. v. Big Box Store Ltd., the court refused to levy a severe punishment against BBS although it was discovered that they had broken numerous discovery laws. Instead, the court took a passive approach and applied “the mildest of available remedies” that allowed the parties leave to pursue additional discovery, except this time with an experienced forensic computer expert. However, the court could have imposed stricter penalties onto BBS, such as, termination, preclusion of testimony, or a mandatory adverse-inference charge after it discovered BBS’s possible attempt to destroy evidence. Instead, the court chose a more cautious route and tabled those actions until the forensic discovery was completed. This ponders the question, if the aim of any remedy is to deter the parties from engaging in spoliation and restore the aggrieved party to the same position then why not have automatic forensic discovery? The answer? Costs. Klipsch suggested that the imposition of costs, including fees should be shifted to BBS. The court disagreed and held that the costs would first be borne by Klipsch and could be reallocated or apportioned based on the findings of the expert’s report. The court could better deter abuse of discovery by always imposing costs for forensic experts onto defendants who are found to have wrongfully withheld information requested in discovery. This action and precedent would cause all parties to become forthcoming with unaltered information due to the fear of additional costs levied in litigation. Ultimately, the expert’s report will produce the information needed for Klipsch to move forward in their litigation against BBS, or it will prove unfruitful and Klipsch will drop their litigation. This entire matter could have been avoided if BBS did not attempt to hide information during discovery. BBS could have avoided a pyrrhic problem by not exhausting valuable resources into possibly altering evidence of the sale of counterfeit headphones. However, this case could be used as future precedent to prevent future companies from pursuing this option as a method of strategy if they automatically shift the costs of forensic experts to the litigant in situations where inaccuracies of discovery occur. Timothy received his B.A. from Rutgers University in 2011. He began his post-college life working in Trenton, New Jersey at a lobbying and non-profit management organization before attending law school in the fall of 2012. He will receive his J.D. from Seton Hall University School of Law in 2015. Timothy has had a diverse set of experiences during his time in law school and has found his calling in Tax Law. Want to read more articles like this? Sign up for our post notification newsletter, here.
Preserving electronic data can be a challenge for companies with multiple data centers. However, what we have here is a failure to communicate. The case at issue is an ERISA class action against UnumProvident. On November 26, plaintiffs' counsel wrote to request a conference to present their request for a preservation. The court then outlined principles that would serve as the basis for the parties' draft of a proposed order. The court observed, without contradiction from UnumProvident, that UnumProvident already had a duty to preserve any tapes containing emails as of November 4, the date litigation commenced. The order required all back-up tapes or other back-up hard drives, disks or other hardware containing material back-up by the defendants regarding Y2K, regardless of the date or dates of the internal or external e-mails, computer information, or electronic media contained thereon to be preserved. Specifically the plaintiffs requested all internal and external e-mails, generated, created, or dated October 14, 15, and 16 of 2002, and November 18, 19, and 20 of 2002. If the defendants alleged these e-mails were no longer in existence due to routine destruction or otherwise, the defendants had to provide an affidavit explaining circumstances of the unavailability. UnumProvident’s Enterprise Security Architect decided instead of preserved the data to implement a special “snapshot” back-up which would back-up those emails that were on the system as of the day or days the snapshot was taken. UnumProvident could also have directed IBM, their data vendor, to copy email back-up tapes from existing unexpired tapes to other back-up tapes that would contain no expiration date. Similarly, it could have copied the data onto a hard drive or into other computer media. Instead, this snapshot inadvertently caused all of the data on the back-up tapes to be overwritten. The court found that no enterprise officers of UnumProvident had sufficient expertise to discuss the preservation project in a meaningful way. Neither of them took the steps that they needed to take to get sufficiently informed advice on the issues involved. Similarly, there was insufficient supervision of the Enterprise Software Architect's efforts. The officer had also never ordered IBM to preserve emails regarding the six dates. Additionally, the law department of UnumProvident never instructed its officers to confirm that email for the six days had been preserved by IBM. As this issue developed relatively early in discovery, the court found it difficult to determine the extent to which the plaintiffs have suffered any prejudice from the failure to capture all of the UnumProvident emails for the six days. Throughout the whole opinion, the court was very skeptical of the testimony of UnumProvident’s officers. The court determined most of UnumProvident’s actions were inadequate. However, it also determined the accelerated expiration problem that occurred because of the creation of the snapshot was inadvertent and unintended. Therefore, the court did not award any sanctions. It can still be assumed the court would be less trusting of UnumProvident after this debacle and less likely to give them the benefit of the doubt.
The plaintiff, Torrington Co., sought to challenge a final determination made by the International Trade Administration of the United States Department of Commerce. The case centered upon the discovery requests made by the plaintiff. The plaintiff argued that it was entitled to three things: 1) a computer tape of computer instructions, 2) a computer tape of SAS data sets, and 3) a hard copy for each file transmitted by tape. The plaintiff maintained that it was entitled to this discovery because it was part of the administrative record. The court disagreed. The court found that the computer tape of computer instructions, computer tape of the SAS data sets, and the hard copies were not a part of the administrative record because not only were they not “obtained by” or “presented to” the administrative agency (the International Trade Administration), but they did not even exist. If the materials did not exist (and never existed) they are clearly not part of the administrative record. In fact, the computer tapes and hard copies could only be created after the determination by the agency; they could not possibly be part of the administrative record at all. The defendant agreed to give the plaintiff microfilmed computer printouts which contained both the computer programming instructions and the SAS data sets. Note that these microfilmed computer printouts were not the same as computer tapes (which were requested by the plaintiff.) The court cited previous cases that established two principles. First, the court was not obliged to force a defendant to produce data in a format that was most convenient for a plaintiff. Second, the court should balance the plaintiff’s need for the specific type of information with the hardship placed upon the defendant. The court held that not only had plaintiff failed to show its need for the computer tapes, but that the defendant had shown that it would suffer “extreme hardship” if it were forced to produce the computer tapes. The plaintiff attempted to bolster its position by citing Daewoo v. United States, 10 CIT 754, 650 F. Supp. 1003, in which the court ordered that all computerized data be produced including “all further refined forms of electronic storage of the data involved.” However the court distinguished the case at hand from the facts in Daewoo by pointing out that in that case, the government did not demonstrate any kind of hardship. In the present case, the requested computer tapes did not exist and requiring the defendant to produce them would have been burdensome and expensive. The court notes that according to one source it would take 7,500 hours to create a computer tape containing 15,000 pages of the printout that was already created. By the account of one affidavit, it was estimated that it would take defendant’s department staff no less than a full two weeks to produce the computer tapes. Administrative agencies have many tasks and aim for efficiency – such a discovery request would doubtless be taxing on the agency’s resources. The plaintiff also claims that it would be equally burdened if it had to produce the tapes.] The court held that when the cost, burden, and time of creating the tapes is equal on both parties, then the burden of producing the tapes falls on the party making the request. Accordingly, the court held that the defendant did not have to make the computer tapes and that the parties were obliged to use the “more convenient, less expensive or less burdensome” computer printouts that were already in existence. What should have the plaintiff done in this scenario? It is unclear why the printouts were insufficient such that computer tapes were necessary. The plaintiff should have come prepared to show why production of the computer tapes would be more taxing on itself than on the defendant-agency. Rocco Seminerio is a Seton Hall University School of Law graduate (Class of 2014). Mr. Seminerio focused his studies in the areas of Estate Planning, Elder Law, and Health Law. He graduated from Seton Hall University in 2011 with a degree in Philosophy.
On July 31, 1996, plaintiff Omega Engineering Corp. ("Omega"), a New Jersey based company, lost its computer programs relating to design and production permanently from its system. Omega manufactured “highly specialized and sophisticated industrial process measurement devices and control equipment” for NASA and the United States Navy. The deletion of these programs debilitated their ability for manufacturing as well as costed the company millions of dollars in contracts and sales. From 1985 to July 10, 1996, defendant Timothy Lloyd worked as the computer system administrator at Omega. He trained with the Novell computer network and installed it to Omega’s computer system. The program worked to ensure that all of Omega’s documents could be kept on a central file server. Lloyd was the only Omega employee to maintain the Novell client and have “top-level security access” to it; however, the defense asserted that others at the company had access. According to a government expert, access "means that ... [an] account has full access to everything on the server." Lloyd was also the only employee in charge of backing up the information to the server. In 1994 or 1995, Lloyd became difficult. The company moved him laterally in hopes of improving his behavior. A government witness testified that even though it was a lateral move, it was in fact, considered a demotion by the company. Lloyd’s new supervisor asked him about the back-up system and wanted him to loop a couple more people in but he never did. Moreover, he instituted a company-wide policy that employees were no longer allowed to make personal backups of their files. On top of the above issues, there was also a “substandard performance review and raise.” The combination of the two factors, according to the government, showed Lloyd that his employment with the company would soon be terminated. This established Lloyd’s motive to sabotage the Omega computer system. On July 10, 1006, Lloyd was terminated. On July 31, 1996, Omega’s file server would not start up. On July 31, “Lloyd told a third party, that "everybody's job at Omega is in jeopardy.” days later it was realized that all of the information contained on it were permanently lost. More than 1,200 of Omega’s programs were deleted and, as per Lloyd’s policy, none of the employees had their own personal backups. There was no way for any of these programs to be recovered. A search warrant conducted on Lloyd’s house turned up some backup tapes and a file server master hard drive. Experts hired by Omega found that the deletion of information was “intentional and only someone with supervisory-level access to the network could have accomplished such a feat.” The commands necessary to pull off such a purge were characterized as a “time bomb” set to go off on July 31st when an employee logged into the system. There was evidence found by these experts of Lloyd testing these specific commands three different times. This string of commands was further found on the hard drive that was in Lloyd’s home. Lloyd was convicted of a federal count of computer sabotage. It was remanded due to a jury member’s claimed use of outside knowledge during deliberations. Julie received her J.D. from Seton Hall University School of Law in 2014. Prior to law school, she was a 2008 magna cum laude graduate of Syracuse University, where she earned a B.A. in History and a minor in Religion and Society. After law school, Julie will serve as a law clerk to a judge of the Superior Court of New Jersey.
Background Omega Engineering Corporation, an international company based in New Jersey, was once the employer of Timothy Lloyd. To put Omega’s importance into perspective, the U.S. Navy and NASA were two of their clients for highly specialized and sophisticated industrial process measurement devices. According to testimony during the trial, Lloyd worked at Omega as its sole system administrator from 1985 through 1996. In 1995, Lloyd had undergone Novell network training and installed Novell software on Omega’s computer system. Additionally, Lloyd was the only person who maintained and had top-level access to the Omega network. Between 1994 and 1995, Lloyd became belligerent and increasingly truculent. Due to his poor interpersonal skills, he was demoted in May 1995 from manufacturing to support engineer. A woman who had once been Lloyd’s subordinate and had engaged in a romantic relationship with Lloyd, was the individual responsible for replacing Lloyd as manufacturing supervisor. In June 1996, Lloyd instituted a policy to “clean up” all of the individual computers in Omega’s manufacturing department. It was unclear as to why Lloyd was implementing company policies after his demotion. Nonetheless, the policy required employees to save their files to the company’s file server and prohibited them from making their own backups. Lloyd’s manager became suspicious of this policy and requested from Lloyd access to the file server. Lloyd never complied. By the end of June, upper management had enough of Lloyd’s behavior and terminated him in early July 1996. On July 31, Omega’s file server would not boot up. All of Omega’s manufacturing programs on the server, which contained instructions for operating the machines, were gone. Multiple computer experts were brought in to recover the files, but to no avail. The files had not only been deleted, but also had been “purged,” meaning that they were rendered unrecoverable. A leading expert on Novell networking testified at trial that this could only have been done intentionally and by someone with supervisory-level access. The government’s theory included that on July 30, anyone who would log on to the server at any time after that date would “detonate” a program installed by Lloyd that would destroy the information on the Omega file server. The government’s theory was bolstered by the fact that the Secret Service recovered missing Omega backup tapes that had been reformatted as well as a master hard drive from the file server. This had the same string of commands that had functioned as the time bomb program found on the Omega file server. The Decision Ultimately, Lloyd was found guilty of computer sabotage. The jury had deliberated for over twelve hours over the span of three days and had requested testimony in the jury room before they reached their verdict. However, three days after the verdict, one juror said that she had seen on the news, during the trial, about a computer virus called the Philippine “love bug” which allowed the perpetrator to cause great harm by flooding the victim computers and causing them to crash. Whether this affected her decision is unclear; however, the defendant claimed that his 6th Amendment rights had been violated. The district court agreed, granting a new trial. On review, the Court of Appeals reversed the district court’s holding. After a lengthy discussion, the court said that there were significant dissimilarities between the “love bug” and the “time bomb” and most jurors would not confuse the two. Therefore, the appellate court found, the defendant was not prejudiced. Lloyd’s managers should never have allowed a single employee hold as much power as they did. This case highlights the vulnerabilities the company subjects itself to if that is allowed to happen. For example, Omega lost over 1,200 programs and many current and potential clients as well. Akiva Shepard received his J.D. from Seton Hall University School of Law in 2014. Akiva has worked for a New York State Supreme Court Judge in Kings County, and for a NJ real estate firm.
This Article was originally published with Bloomberg Law Reports on November 9, 2011. The Internet has afforded anyone, anywhere, a wealth of information at one's fingertips. Within the current and everexpanding age of technology, Brazilian- and U.S.-based courts continue to draw legal boundaries within a seemingly boundless cyberspace. The boundlessness of the Internet, and its related technologies, transcends geographical limits and poses worldwide issues of regulation. One such technology, which has caught the attention of businesses and resulted in significant legal battles, is "scraping" - a computer software technique that extracts publicly available information from websites. While in and of itself, "scraping" may not be unlawful, courts in Brazil and the U.S. have begun to carve out permissible and impermissible uses of this technology. Brazilian Scraping Lawsuit A recent court opinion of first impression in Sao Paulo, Brazil, gives newfound meaning to ownership rights of information available on the Internet. The Brazilian court's opinion in Curriculum Tecnologia Ltda. v. Catho Online S/C Ltda., et al, examines claims of unfair competition and violation of copyright rules, as applicable to the Internet. The plaintiff, Curriculum Tecnologia Ltda. ("Curriculum"), and defendant, Catho Online S/C Ltda. ("Catho"), are employment recruitment companies, operating solely through the Internet. Thousands of individuals seeking employment use the services of these companies by posting their resumes on the respective websites. In turn, employers seeking to hire review thousands of potential candidates to fill their open positions. In fact, Curriculum is the largest employment website in Brazil, providing a meeting place for over 6 million registered applicants and 100 thousand user companies. These services allow for a faster and easier connection to the open job market. In February 2002, developers at Curriculum noticed an unusual increase in activity on their company's website. While, generally, Curriculum's customers search approximately 500 resumes per day on its website, developers became suspicious when one particular user registered over 63,000 searches in one day. Upon further investigation, Curriculum technicians blocked the particular account and tracked its origin back to a computer at Catho, the defendant competitor. As a result of its investigation and findings, Curriculum filed suit against Catho alleging various business-related claims. As the lawsuit proceeded in the normal course, fact gathering efforts revealed flagrant and deceptive practices by Catho to illegally, in violation of Brazilian law, acquire information from Curriculum's website. In short, Catho developed a program that enabled it to copy ell mass Curriculum's website information database through which it could access resumes from Curriculum's website. Once Catho gained access to the resume information, it used it for its own commercial purposes. The purpose behind Catho's efforts was to increase its own potential employee base in order to offer a wider range to online employment recruiters. Catho acquired hundreds of thousands of resumes from its competitors through the use of these and related methods. Indeed, Curriculum was not the only competitor to bring suit against Catho for these practices, as several other victims of this Internet hacking scheme brought separate actions against Catho. To appreciate the breach of security and the value of the acquired information, one must understand the function of the employment recruitment market in Brazil within which these parties operate. Both parties operate primarily as online employment search engines. Individuals who seek employment and employers who seek skilled individuals, use the services of these recruitment companies by paying fees which permit the posting of resumes and job advertisements, allowing for searches of both to be performed. These web-based services offer various levels of fee-based access to these postings and search capabilities, which in turn generate revenue for these companies. Curriculum's website provides its users with instructions and several menus that allow them to browse its webpage efficiently and effectively. Curriculum does not provide every user with access to its resume bank. Instead, the website uses filters that permit only certain clientele with particular fee-based account settings to access this information. Catho used hacking programs to breach these security devices, allowing unauthorized access to resumes on Curriculum's website, spurring the lawsuit. Specifically, the programs developed by Catho allowed it to take advantage of security flaws in Curriculum's website, and gain access to the entire proprietary database - thereby transferring tens of thousands of resumes in a single clandestine night of debauchery. After plaintiff filed suit, the parties set forth arguments before the Brazilian court in support of their respective positions. Curriculum argued it had a property ownership interest in the data, and therefore Catho engaged in unfair competition and unauthorized copying of Curriculum's information. Catho argued that the information was public, access to the website was open and unrestricted, and therefore the information was not afforded legal protection. In sustaining a lower court's previous finding of damages.judge Luiz Mario Galbetti of 33 Civil Court of Sao Paulo found that Catho engaged in unfair competition by breaching Curriculum's internal computer systems and illegally acquiring thousands of resumes posted therein. The court held that the transmission and expansion of Catho's own database through this illegal acquisition served to increase its market visibility with direct effects on the profits obtained by Catho. Relying on notions of unfair enrichment, abuse of rights, and unpredictability, the court awarded damages in the amount of R$21,828,250.00 (in Brazilian Real). In calculating damages, the court considered the amount charged by Catho per month for posting a resume on its website, R$50.00, multiplied by the 436,595 resumes it illegally acquired. With interest and additional penalties this R$21,828,250.00 resulted in an award of R$63 million in damages, or approximately $42 Million USD. U.S. Scraping Lawsuits Similarly, U.S.-based courts have addressed the legal boundaries of extracting information from public websites. In EF Cultural Travel v. Zefer Corp., 318 F.3d 58 (1st Cir.2003), the U.S. Court of Appeals for the First Circuit issued a preliminary injunction pursuant to the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. 1030, to prohibit the use of a “scraper” software program that defendants used to collect pricing information from the plaintiff/competitor’s website. Zefer Corp. (“Zefer”) sought review of the injunction, implemented in a prior hearing with co-defendant Explorica, Inc. (“Explorica”). See EF Cultural Travel BV v. Explorica, Inc., 274 F.3d 577 (1st Cir. 2001). EF and Explorica are competitors in the student travel business, operating websites that permit their respective visitors to explore various vacation packages. To gain a competitive edge, Explorica hired Zefer to build a program that would allow Explorica to “scrape” the prices from EF’s website and download them into an Excel spreadsheet. After accessing EF’s vacation package pricing, Explorica tailored its own costs, purposefully undercutting EF on an average of 5%. EF stumbled upon the “scraping” scheme as a result of discovery in an unrelated, state court lawsuit involving Explorica. As a result, EF filed suit in federal court, seeking an injunction on the grounds that the “scraping” violated both federal copyright laws and various provisions of the CFAA. The underlying issue in the case was whether the use of the scraper program exceeded “authorized access,” in violation of federal law. The relevant CFAA provision examined by the court provides: Whoever. . . knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such useisnotmorethan$5,000inany1-yearperiod. . .shall be punished as provided in subsection (c) of this section. While the CFAA defines “exceeds authorized access” as “to access a computer without authorization and to use such access to obtain or alter information in the computer that the accesseer is not entitled so to obtain or alter,” the court in EF Cultural Travel provided analysis of the term “authorization.” The trial court held that authorization could be determined both explicitly, for example through a direct statement restricting access, or implicitly. In defining the implicit prong, the trial court relied upon a “reasonable expectations” test. Even though the appeals court agreed that authorization can be both explicit and implicit, it rejected application of the reasonable expectations test used by the trial court. Instead, the appeals court determined that “public website provider[s] can easily spell out explicitly what is forbidden and consonantly, that nothing justifies putting users at the mercy of a highly imprecise, litigation-spawning standard like ‘reasonable expectations.’” As a result, the appeals court determined that a clear manifestation of the company’s intent that no information be collected from its website was necessary in order to show “lack of authorization,” such as an explicit statement on the webpage restricting access. Or, to put it more bluntly, “[i]f EF wants to ban scrapers, let it say so on the webpage or a link clearly marked as containing restrictions.” Nonetheless, this federal appeals court decision did not eliminate the concept of implicit authorization, as it may suffice in other circumstances. However, the decision highlighted that a plaintiff must demonstrate unambiguously that authorization was prohibited. The EF Cultural Travel decision promulgates the theory that the right to control access implicates a right to prevent or obtain legal remedies for any unauthorized access. As demonstrated in EF Cultural Travel, authorization may be established both implicitly and explicitly. Another method of disclosing a lack of authorization may be through the creation of technological barriers, such as encryption of particular information. Under this regime, after the initial encounter, a third party must either obtain permission or take unusual steps to circumvent the technological barrier. Lastly, database owners may also establish use authorization conditions through contractual terms. Whatever the means of establishing authorization, or the lack thereof, it is apparent that a reasonable effort to protect is a precondition to maintaining this legal right. It is recognized, however, that the mere posting of information on a public domain, such as the Internet, does not in and of itself extinguish a protectable right to that information. This presumption is also echoed in case law analyzing the misappropriation of trade secrets. For example, in Barnett, Inc. v. Shidler, 338 F.3d 1125 (10th Cir. 2003), the court examined whether former employees misappropriated a trade secret by implementing the Infant Swimming Research program (“ISR”), which was designed by plaintiff as a scientific, behavioral approach to pediatric drowning prevention. In finding the ISR program was not a trade secret, the trial court noted “[plaintiff ] allowed its program to become part of the public domain before seeking protection...,” referring to various published books explaining the ISR method. In reversing this finding, the appeals court highlighted the decision in Rivendell Forest Prods., Ltd. v. Georgia-Pacific Corp., 28 F.3d 1042, 1045 (10th Cir.1994) in which the court found that “a trade secret can exist in combination of characteristics, each of which, considered separately, is in the public domain, but, taken together, may yield a competitive advantage that results in a protectable trade secret,” solidifying the argument that information may be a trade secret notwithstanding the fact that some of its components are well known. See also Syncsort v. Innovative Routines, No. 04-CV-03623, 2011 BL 213594 (D.N.J. Aug. 18, 2011) (federal district court of New Jersey examining the existence of a trade secret in light of its brief publishing on the internet). While case law involving scraping requires some form of notification as to non-authorization, this line of reasoning quashes any argument that information posted on the Internet should not enjoy legal protection simply because of its public nature. A court must determine the underlying intent of the scraper because the legality of extracting data from a website often centers on the underlying intent in copying. The copying of information for any purpose deemed a “fair use” may therefore not be actionable. As evidenced by both EF Cultural Travel and Curriculum, this key element is what often implicates legal remedies. Lessons Learned Easy access to information afforded by the Internet has created a global culture that often accepts the free use (and abuse) of information. This often results in blurred lines between public and private property, especially for those who conduct business through the Internet. Therefore, unless a database is composed of content independently entitled to protection, for example through copyright or trade secret law, database owners must rely upon a patchwork of available legal remedies. Database owners may seek protection under unfair trade statutes or under common law theories such as misappropriation. Contractual restrictions also offer protection, but such a remedy requires privity of contract. Moreover, while a claim for trespass may also be a feasible option, most courts require a showing of actual injury. Lastly, and certainly not exclusively, protection under the CFAA may be warranted. While each option has its own nuances, courts are setting down the foundation of protection in response to the legalities of the Internet age. Therefore, while the potential remedies available to database owners under U.S. law tend to be narrow, it is no doubt only the beginning. Regardless of the underlying legal principal asserted against an illegal scraper, liability attaches on a case by case basis depending upon the type of access obtained by the scraper, the amount of information accessed and copied, the degree to which the access adversely affects the Web site owner’s system and the types and manner of prohibitions on such conduct. The significant monetary award issued by the São Paulo court underscores the value that information has to a company and its survival. The decision also serves as a warning to billions of Internet users globally, as the calculation of damages serves not only to punish the wrongdoer but also to deter the illegal activity in and of itself. These decisions evidence a fairly new attempt by courts to address the legal issues posed by the Internet. While the approach is not yet uniform, there are obvious efforts by courts to protect proprietary information on the Internet from uses that are detrimental to the owners of such sites. Fernando M. Pinguelo, a Partner at Norris, McLaughlin & Marcus, P.A. and co-Chair of the Response to Electronic Discovery & Information Group at the firm, is a U.S.-based trial lawyer who devotes his practice to complex business lawsuits with an emphasis on how technology impacts lawsuits. Mr. Pinguelo founded and contributes to the ABA Journal award-winning blog, eLessons Learned – Where Law, Technology, & Human Error Collide (www. eLLblog.com). To learn more about Mr. Pinguelo, visit www. NYLocalLaw.com or email him at info@NYLocalLaw.com. Renato Opice Blum, CEO of Opice Blum Advogados Associados in São Paulo, Brazil, is a Brazil-based attorney and economist, who established one of the first leading technology-based law firms. Mr. Blum is the Coordinator of the MBA course in Information Technology Law at São Paulo State Law School and a distinguished professor at Fundação Getúlio Vargas, among other universities. Mr. Blum is co-author of the book, Internet and Electronic Law. To learn more about Mr. Blum, visit http://www.opiceblum.com.br/ lang-en/01_profissionais_dadosRes.php?ID_CUREQUIPE=138578 or email him at email@example.com. Kristen M. Welsh is a U.S.-based litigation Associate at Schiffman, Abraham, Kaufman & Ritter, P.C. and focuses her practice on business and employment law matters. Ms. Welsh may be reached at KWelsh@sakr-law.com. . This rule of thumb is also applied in cases analyzing the misappropriation of trade secrets. See Barnett, Inc. v. Shidler, 338 F.3d 1125 (10th Cir. 2003). . Various fair uses have been identified by the court. See Nautical Solutions Mktg., Inc. v. Boats.com, Copy. L. Rep. (CCH) ¶28, 815 (M.D. Fla. 2004) (holding that “momentary copying of open . . . public Web pages in order to extract yacht listings facts unprotected by copyright law constitutes a fair use.”); Ticketmaster Corp. v. Tickets.com, Inc., No. 09-CV-07654 (C.D. Cal. Mar. 7, 2003) (“Taking the temporary copy of the electronic information [from the Ticketmaster.com website database] for the limited purpose of extracting unprotected public facts leads to the conclusion that the temporary use of the electronic signals was ‘fair use’ and not actionable.”); see also Assessment Technologies, LLC v. WIREdata, Inc., 350 F.3d 640 (7th Cir. 2003).
In Brown v. Tellermate Holdings Ltd., Tellermate Holdings, the defendant company, terminated two employees for allegedly failing to meet sales targets over several years. The employees, feeling that they were wrongfully terminated due to their age, filed an employment discrimination action against the company as well as other entities and individuals associated with Tellermate. Throughout pre-trial proceedings, the case was plagued with numerous discovery mishaps. The plaintiffs requested from the defendant company data stored and maintained by Salesforce.com, which would, in theory, evidence plaintiffs’ sales records over the last few years in addition to allowing the plaintiffs to compare their sales figures with other (younger) employees. However, even though numerous discovery conferences were held, numerous discovery motions filed with the court, and several discovery orders issued by the court, the defendant corporation failed to produce the requested data and documents. Ultimately, the plaintiffs filed for judgment and sanctions under Federal Rule 37(b)(2); the court held a three-day evidentiary hearing on the matter. The presiding judge, United States Magistrate Judge Terence P. Kemp, identified three areas in which the defendant company or its counsel failed in its obligations to the plaintiffs and the court in relation to production of documents and data: Defendant’s counsel failed to understand how Tellermate’s data stored with Salesforce.com could be obtained and produced to plaintiffs, which resulted in counsel making false statements to the plaintiffs’ counsel and the court; By failing to understand how the defendant’s data was stored and maintained, defendant’s counsel took no steps to preserve the integrity of the information in Tellermate’s database located with Salesforce.com; Defendant’s counsel failed to learn of the existence of documents relating to a prior age discrimination charge until almost a year after plaintiffs requested the documents; Defendant’s counsel produced a “document dump” resulting from counsel’s use of an overly-broad keyword search that yielded around 50,000 irrelevant documents, which plaintiffs’ counsel could not review within the time period ordered by the court. The Salesforce.com Data Judge Kemp found that Tellermate’s failure to preserve and produce the data logged on Salesforce.com’s website irreparably deprived the plaintiffs of reliable information necessary in supporting their claims. Although defendant’s counsel initially stated that Tellermate “does not maintain salesforce.com information in hard copy format,” “cannot print out accurate historical records from salesforce.com,” and that “discovery of salesforce.com information should be directed at salesforce.com, not Tellermate,” the court found such statements to be on their face false. In fact, Tellermate did have access to the information sought by the plaintiffs as one, and sometimes two, of Tellermate's employees enjoyed the highest level of access to the Salesforce.com information. The court determined that the information eventually produced by the defendants could not be trusted as “even a forensic computer expert has no way to detect hat changes, deletions[,] or additions were made to the database on an historical basis.” Because of Tellermate’s failure to preserve the Salesforce.com data, Judge Kamp precluded Tellermate from providing evidence showing that the plaintiff-employees were terminated for their alleged underperformance. Counsel’s Obligations With Respect to ESI The court found that the defense’s counsel fell short of their well-established obligations to critically examine the documents and data Tellermate provided to them. Tellermate made false representations to its counsel about the data’s availability and therefore caused undue delay in document production as well as false and misleading arguments to be made to plaintiffs’ counsel and to the court. Subsequently, the plaintiffs were forced to file discovery motions before the court to address these discovery issues which produced the Salesforce.com data that was never properly preserved albeit its significance to the plaintiffs’ case. Judge Kemp ultimately determined that counsel for the defendant conducted an inadequate investigation of Tellermate’s electronic data while simultaneously failing to understand the most basic concepts of cloud computing and cloud storage, which led to counsel’s failing to preserve key electronic data. Control of Data Stored in the Cloud As mentioned above, Tellermate and its counsel repeatedly represented to the plaintiffs and to the court that it did not possess and could not produce any of the Salesforce.com data requested by plaintiffs. Additionally, the defendants asserted that in light of those facts, the defendants could not preserve the data stored on Salesforce.com’s databases at any point prior to litigation. Judge Kemp dismissed these claims. The court concluded that, without any factual basis whatsoever, no substantive argument could be made that Tellermate was prohibited from accessing the information stored on the Salesforce.com databases or that Salesforce.com was responsible for preserving Tellermate’s information and data as it was the entity that maintained possession and control of the data. In reality, Tellermate was the custodian of the data stored on the Salesforce.com databases. While information can be stored in locations outside the immediate control of the corporate entity by third party providers, it can still be under the legal control of the owner of the data and therefore must be produced by the owner under Federal Rule 34(a)(1)(A). Additionally, had Tellermate’s counsel critically examined the agreement between Tellermate and Salesforce.com, it would have realized that Tellermate was the owner of all data created by its employees and that Tellermate could, at any time, download the data stored on the Salesforce.com databases for preservation and production purposes. Limitations on Document Production to Avoid “Document Dumps” Tellermate produced to the plaintiffs 50,000 pages of irrelevant documents, classified by Judge Kemp as a “document dump.” Tellermate’s counsel refused to disclose which search terms it used in deciding which documents to produce to the plaintiffs, claiming that the search terms were privileged. In actuality, the court discovered, Tellermate’s counsel only used the full names and nicknames of employees as its search terms, which obviously yielded irrelevant documents. Without reviewing the returned documents, and because the court’s deadline for producing relevant documents was rapidly approaching, Tellermate’s counsel produced to the plaintiffs the documents as “Attorney’s Eyes Only.” The court recognized that a protective order was permitted only when counsel held a good faith belief that such information constituted a “trade secret or other confidential research, development, or proprietary business information, and that such material was entitled to a higher level of protection than otherwise provided in the protective order.” Tellermate could not demonstrate entitlement to this level of protection with respect to the search terms used in procuring documentation for discovery: The alleged burden imposed by a high volume production does not provide the producing party or its counsel free reign to choose a given designation and ignore the Court’s order pertaining to that designation. First, the court looked to whether competitive harm would result from the disclosure of the types of documents produced by Tellermate to a competitor; however, Tellermate’s memorandum on the issue did not contain any evidence about the harm which might result if the plaintiffs were permitted to review any particular document that was labeled “Attorney’s Eyes Only.” Second, Tellermate’s argument as to the harm it would experience was entirely conclusory and was not supported by evidence: Apart from the general concept that disclosure of some types of sensitive information to a competitor may result in harm, it contains no particularized argument which is specific to [the plaintiff], the way in which he was competing with Tellermate, and how the disclosure of any one of the 50,000 pages marked as attorneys-eyes-only would harm Tellermate’s interests. The court was astounded that Tellermate continually failed to meet the burden required to designate the documents as “Attorney’s Eyes Only” and, up until the hearing date, made no effort the redesignate a single page of the 50,000 produced in order to permit the plaintiffs from viewing the documents. Sanctions The court had absolutely no qualms with an award of attorneys’ fees for all motion practice connected to the preservation and production of the Salesforce.com data. “Had Tellermate and its counsel simply fulfilled their basic discovery obligations, neither of these matters would have come before the Court, or at least not in the posture they did.” The court took great concern to the extraordinary lengths the plaintiffs had to go to in order to obtain the documents maintained by the defendant and, even after several rounds of motions, were not able to obtain all of them. The “Attorney’s Eyes Only” designation on the 50,000 documents produced was also unfounded, the court held, and unduly precluded plaintiffs from necessary evidence that supported their case, which warranted fees under Federal Rule 37(a)(5)(A). Conclusion Tellermate provides a warning to all attorneys that the realm of technology in which their clients are constantly interact with is always changing. Therefore, so does the practice of electronic discovery. Counsel must always meet its duties with respect to ESI by engaging in discussions with its clients and opposing counsel about ESI; being aware, and perhaps even knowledgeable, of new and emerging technologies; and investigating and assessing with its clients the sources and status of potentially relevant ESI. By forgoing these practices, counsel opens itself and its clients to easily avoided and costly sanctions. Daniel is the Editor-in-Chief of eLessions Learned and a third-year law student at Duquesne University. To read more about him, click here.  Salesforce.com is a cloud-based customer relationship management system with more than 100,000 corporate customers around the world. Tellermate and its employees used Salesforce.com to track their sales and other interaction with customers. The court recognized that each sales person using the Salesforce.com management system could add, remove, or otherwise change data on their sales account.  See Zubulake v. UBS Warburg LLC, 382 F.Supp.2d 536 (S.D.N.Y. 2005) (counsel had an affirmative duty to monitor preservation an d ensure all sources of discovery information were identified).