Civil Discovery of Social Media Information

With the increasing use of social media, some attorneys have turned their attention to mining the data for litigation purposes.  This appears especially true in employment law cases because of the numbers and the likelihood that both employees and employers will use networking sites for business purposes or to discuss workplace issues. See generally, http://www.facebook.com/press/info.php?timeline; Mattingly v. Milligan, No. 4:11cv00215 (E.D.Ark. Nov. 2011) (Employee’s Facebook status update protected by First Amendment).   In some of my recent cases (e.g., products liability; contract disputes) I have seen discovery requests that look like this:

“List each email address, social networking site (i.e., Twitter, Facebook, Match.com) and user name that you have used in the past ten years.”

This request raises privacy concerns if only because a ‘user name’ or password is requested.  But, I also think that many people would object to such a request because they also consider their writings (e.g., 'posts' and 'tweets') private despite the label “social”.  I think this is true because many users choose to restrict their communications to a defined list of ‘friends’ or ‘followers’ rather than making their posts available to the general public.  It is this measure of control that most social media sites have preserved that arguably provides a social media user with a reasonable expectation of privacy in their communications.  See United States v. Chan, 830 F. Supp. 531, 534 (N.D. Cal. 1993) (expectation of privacy in electronic repository for personal data is analogous to a personal address book or other repository for such information). Cf. State v. Martin, 106 Wn.App. 850 (2001) (DOL records); Taus v. Loftus, 40 Cal.4^th 683 (2007) (court records).  However, whether a court in a given jurisdiction would agree with this perspective in a given case is largely uncertain especially when social media use is perceived to be a relaxation of privacy and when existing law(s) provide little guidance. See e.g., O`Grady v. Superior Court, 139 Cal.App.4th 1423, 1461, 1464-1466 (2006) (considering whether a blog could constitute a "periodical publication" for purposes of  journalism shield law, even though "digital magazines" did not exist when the statute was enacted.) There are a few recent cases arising from motions to quash subpoenas for production of social media information that provide further insight.

In Crispin v. Christian Audigier, Inc., 717 F. Supp. 2d 965 (C.D. Cal. 2010), defendants served subpoenas duces tecum on four third-party businesses and social networking websites including Facebook and MySpace.  Crispin filed a motion to quash the subpoenas arguing, among other things, that third-party Internet Service Providers (“ISPs”) are prohibited from disclosing electronic communications under the Stored Communications Act (“SCA”) 18 U.S.C. Section 2701 (a) (1) and that the requests were otherwise violative of his privacy rights.

The SCA generally prohibits, subject to certain exceptions, a “person or entity providing an electronic communication service to the public” from “knowingly divulging to any person or entity the contents of a communication while in electronic storage by that service.” Id.  The SCA does not include an exception for civil subpoenas. See O’Grady v. Superior Court, 139 Cal.App. 4^th 1423 (2006); FTC v. Netscape Communications, Inc., 196 F.R.D. 559 (N.D. Cal. 2000) (holding that EC holders may not produce “content” records in response to a civil subpoena and cannot be compelled by court order to do so.)  On the other hand, Google, after sending a form letter objection, has stated that it will produce records showing solely the dates and times of emails sent by account holders if there is no objection within 20 days.

In Crispin, the District Court found that the legislative history of the SCA suggests that Congress wanted to protect electronic communications that are configured to be private, such as…electronic bulletin boards [See Konop v. Hawaiian Airlines, Inc., 302 F.3d 868, 875 (9^th Cir. 2002)] and that the plaintiff had standing to attack the subpoenas to Facebook and MySpace because he had a personal right to the information (noting that Facebook posts are accessible only to those whom the user selects and thus are not strictly public.) See Crispin v. Christian Audigier, Inc., 717 F.Supp. at 980. See also Twitter: New Challenges to Copyright Law in the Internet Age, 10 J. Marshall Rev. Intell. Prop. L. 231, 236 (2010) (although tweets are publicly visible by default, senders can restrict messages to their followers).

In sum, the Court in Crispin granted the plaintiff’s motion to quash because applicable law supported arguments that the social media user had a reasonable expectation of privacy by the way he had set his account or had defined the audience with which he communicated.

As the Crispin case demonstrates, however, courts will likely continue to struggle with the intent of statutes designed to regulate electronic communications especially if the laws do not readily accommodate new technology and means of communication.  There is also little doubt that a court could reach a decision different than Crispin on a privacy issue with only a subtle change in facts concerning how the user employed social media.  See e.g., Moreno v. Hanford Sentinel, Inc., 172 Cal.App.4th 1125, 1130 (2009) (MySpace.com post was publicized to an audience whose size supported waiver of any privacy right). See also U.S. Internet Service Providers Assn., Electronic Evidence Compliance -- A Guide For Internet Service Providers, 18 Berkeley Tech. L.J. 945, 965 (2003) (some courts have ultimately managed to skirt privacy objections to a subpoena to an ISP by ordering the subscriber to give consent to the disclosure of the contents of his or her e-mail/electronic data thought to be relevant to a dispute). See also O’Grady v. Superior Court, 139 Cal.App. 4^th 1423 (2006) (the discovery must be directed to the owner of the data, not the bailee to whom it was entrusted).

In 2012, I expect to see a number of new cases addressing peculiar case facts associated with whether social media user(s) have protected privacy interests in so-called ‘social media’ communications;  whether the form and content is relevant to a dispute and whether the issue of compelled production is properly raised and can be decided by the court as framed by the litigants.