Monday, October 31, 2011

First Department Holds that Privacy-Restricted Facebook Content Is Discoverable

PERSONAL INJURY ACTION – FACEBOOK CONTENT – DISCOVERY
Patterson v. Turner Constr. Co.

(1st Dept., decided 10/27/2011)

Learned of this decision from one of my Google Scholar email alerts regarding the Romano v. Steelcase decision. 

In his personal injury action against the defendant, plaintiff claimed damages for physical and psychological injuries, including the inability to work, anxiety, post-traumatic stress disorder, and the loss of enjoyment of life.  Defendant sought discovery of all of plaintiff's Facebook records compiled after the incident alleged in the complaint, including any records previously deleted or archived.  When plaintiff declined to produce such records, defendant moved to compel plaintiff to provide an authorization allowing Facebook to release such records.  The motion court (New York County Supreme Court Justice Jeffrey K. Oing) granted defendant's motion insofar as ordering plaintiff to sign an authorization for all his Facebook records, but deferred determination on defendant's motion to compel to the extent of directing plaintiff to produce his Facebook records for an in camera review.  Plaintiff appealed. 

In unanimously REVERSING the order compelling production of all Facebook records, the First Department held:
Although the motion court's in camera review established that at least some of the discovery sought "will result in the disclosure of relevant evidence or is reasonably calculated to lead to the discovery of information bearing on the claims" (Abrams v Pecile, 83 AD3d 527, 528 [2011] [internal quotation marks and citation omitted]), it is possible that not all Facebook communications are related to the events that gave rise to plaintiff's cause of action (see Offenback v L.M. Bowman, Inc., 2011 WL 2491371, *2, 2011 US Dist LEXIS 66432, *5-8 [MD Pa 2011]). Accordingly, we reverse and remand for a more specific identification of plaintiff's Facebook information that is relevant, in that it contradicts or conflicts with plaintiff's alleged restrictions, disabilities, and losses, and other claims.

The postings on plaintiff's online Facebook account, if relevant, are not shielded from discovery merely because plaintiff used the service's privacy settings to restrict access (Romano v Steelcase Inc., 30 Misc 3d 426, 433-434 [2010]), just as relevant matter from a personal diary is discoverable (see Faragiano v Town of Concord, 294 AD2d 893, 894 [2002]).
As I discuss during my social media presentations, Facebook, MySpace and their ilk will no longer produce content of their user's accounts pursuant to civil subpoenas, leaving parties wishing to obtain such content from privacy-protected accounts limited to obtaining such content either from the users directly or from the providers with the user's authorization. 

Monday, October 3, 2011

Social Media Content Research in Insurance Underwriting and Claims Functions

In the hour and 52 minutes left from 35,452.8 feet in the air on my way to Las Vegas to speak at the  International Claims Associations's 102nd Annual Educational Conference, I'll try to finish this post, which I started back in June.

Today in Orlando made 16 times that I've delivered my social media research presentation around the country to insurer claims, underwriting and SIU groups since May 2010.  I had a sense that this would be a hot topic for insurers when Jennifer Parys and Wendy Walberg asked me in May 2009 whether I'd be interested in putting a presentation on this subject together and returning the following year to present it at their Rocky Mountain Chapter of the International Association of Special Investigation Units' annual conference in Denver.  When I said I'd do it, however, even I didn't anticipate this much interest.

The explosive growth of social media and the number of its personal and commercial users has drawn the attention of insurers interested in determining whether its content can be useful in making responsible underwriting and claims decisions.  Which, I suppose, is why my presentation strikes such a chord.  Those of you who have seen that presentation, or one of its earlier iterations, know that this area is as dynamic as the ever increasing number and varieties of participants.  Not two of the 16 past iterations of this presentation have been the same.  Having found some stuff online this evening (thank you Delta for having WiFi on most of your flights), tomorrow's PowerPoint will also be unique.

Although my presentation is laden with tips and techniques for finding, securing and utilizing social media content, its overarching theme is this:  understand that the law -- statutory, regulatory, and case-decisional --  on most things cyberspatial is relatively immature, behooving insurers to tred carefully into and through this largely unmarked area.  To date, I have told insurers that there is no law -- no law specifically addressing whether and how an insurer may find, secure and utilize social media content relating to an insured or claimant.  But the development and appearance of such law is as inevitable as there will be smaller, faster and more powerful devices for pushing what previously was private information into and onto Web 2.0 platforms.

If you work for an insurance company and want a copy of my latest PowerPoint on this subject, send me an email.   Sorry, I won't share with others.  This was designed for insurers and their service providers.  You understand.

Similarly, if you, your company, or your industry organization is interested in having me present the static PPT slides in a more dynamic, interactive way, complete with the technique and resource demonstrations, let me know.  I've done both in-person and webinar presentations of this topic.

If any of you is interested in seeing this presentation, you can join me at the NJSIA's 21st Annual Anti-Insurance Fraud Training Seminar in Atlantic City on October 19th (seminar runs from the 17th through the 19th).  Or I'll be delivering it on November 3rd at a meeting of the Michigan Council of Professional Investigators in Novi, Michigan -- insurer claim and SIU types will be welcome, I'm told.

In the 4% battery life I've left, let me share with you what I posted recently on the discussion boards of several LinkedIn groups I belong to:
Could Creating a False Profile on Facebook or MySpace Be Considered a Felony under the Computer Fraud & Abuse Act of 1986? 
As I was leaving the IASIU conference in San Antonio last week, Elizabeth Somers of Farmers and Blake Cole of Mutual of Omaha alerted me to an interesting article/editorial opinion piece that appeared in the September 14, 2011 online edition of the Wall Street Journal entitled “Should Faking a Name on Facebook Be a Felony?”, written by Orin Kerr, a former federal prosecutor and professor of law at George Washington University School of Law.   
In that piece, Kerr suggested that creating a fake profile on Facebook or MySpace could be construed as committing a misdemeanor in violation of the Computer Fraud and Abuse Act of 1986 (CFAA). Kerr reported that the US Senate Judiciary Committee was then considering amending the CFAA to raise the level of its violation to a felony. The 2009 case mentioned in Kerr's article involved Lori Drew, the mother from Missouri who created a fake MySpace profile of a handsome 17-year-old boy and tormented a 13-year-old girl so much that she committed suicide. Drew was charged, prosecuted and convicted in federal court under the CFAA. Her conviction, however, was subsequently overturned. In overturning the conviction, the trial judge held that although an intentional breach of the MySpace terms of service (TOS) could possibly fit the definition of an unauthorized or exceeding authorization access to MySpace computers, rooting a CFAA misdemeanor violation in an individual's conscious violation of a website's TOS rendered the CFAA unconstitutionally void due to vagueness. The judge summed up his opinion by stating that allowing a violation of a website's TOS to constitute an intentional access of a computer without authorization or exceeding authorization would "result in transforming section 1030(a)(2)(C) into an overwhelmingly overbroad enactment that would convert a multitude of otherwise innocent Internet users into misdemeanant criminals." By the way, Kerr knew about that case because he was one of Drew’s attorneys. 
Apparently Kerr's suggestion that creating a fake FB or MySpace profile could be considered criminal was troubling enough to US Senators Al Franken and Chuck Grassley that they proposed new language for the bill to exempt those guilty only of TOS violations. You can read about that amendment, and the amendment itself, in the No, Faking Your Name On Facebook Will Not Be A Felony" article that appeared on September 16th on Forbes.com.  That article reports that the bill, presumably as amended, will now move forward to be considered by the Senate. 
The answer then to this discussion's title/question is no, the mere act of creating a false profile on Facebook or MySpace will not be considered a felony under the CFAA.
There will be more to come. Count on it.