One of my clients, a Texas divorce law firm, recently presented the following fact situation to me, which prompted me to write this article:
Lawyer accepted a case where client (hereinafter “wife”) surreptitiously took husband’s laptop three or four months ago while the parties were still residing together, and had it forensically imaged by a private investigator.1 Wife intends to present evidence obtained from the laptop in support of her petition for marital dissolution.2
Issue: Is the lawyer precluded from introducing evidence and does the lawyer incur any malpractice, tort, or attorney disciplinary liability in possessing, viewing, or proffering evidence obtained from the laptop?
My conclusions —based on somewhat cursory research— appear immediately below. I’ve provided some annotations as footnotes for application in Minnesota (for academic discussion purposes only, not as legal advice). I found very little in the way of Minnesota published cases regarding unauthorized computer access. See, e.g., In re Trudeau, 705 N.W.2d 409 (Minn. 2005) (attorney discipline conditional admission based, in part, on respondent's unauthorized computer access by installing and using an email spyware program).
(1) If husband's laptop was not an employer's computer, and if husband's laptop was not password protected by him (requiring wife or wife's private investigator to circumvent any security measure that would create a reasonable expectation of privacy), then wife probably had equal dominion over laptop, as a matter of law (see Texas statute re: "effective consent," infra). However, to whatever extent the court's evidentiary ruling is discretionary, the court might well frown on procurement of evidence through such means, and husband might attempt to invoke the Unclean Hands doctrine. This is even more likely so if that area of the hard-drive was password-protected (from wife), or if the laptop belonged to an employer.
(2) Unless some Texas Rule of Evidence and/or rule of Civil Procure (unknown to me) bars admissibility of evidence based upon "unlawful interception of communications," in a civil case (compare Tex. Code Crim. Proc. Ann. art. 38.23(a)) or based upon any violation of criminal or administrative law, and if wife's conduct in surreptitiously taking laptop for forensic imaging would not constitute an act of "interception" in violation of Tex. Penal Code Ann. § 16.02(b)(1) or unauthorized access under § 33.02, the evidence recovered from the hard-drive probably is admissible, subject to the court's broad discretion.
My conclusions are based on cases from around the country. Although, this fact situation does not appear to have been yet addressed Texas’ appellate courts, I did find the following authorities and analysis helpful:
• Tex.Penal Code Ann. § 33.02 (“A person commits an offense if the person knowingly accesses a computer, computer network, or computer system without the effective consent of the owner”).3
• Tex.Penal Code Ann. § 33.01(12) ("'Effective consent' includes consent by a person legally authorized to act for the owner. Consent is not effective if: (A) induced by deception, as defined by Section 31.01, or induced by coercion . . . (E) used for a purpose other than that for which the consent was given").4
• Tex.Penal Code Ann. § 16.02(c)(4)(B). (It is an affirmative defense to prosecution a person not acting under color of law intercepts a wire, oral, or electronic communication and is one of the parties to the communication has given prior consent to the interception, unless the communication is intercepted for the purpose of committing an unlawful act).
• Vaughn v. Drennon, 202 S.W.3d 308, 320 ( Tex.App., 2006) (tort case, noting that the intrusion-upon-seclusion type of invasion of privacy is "generally associated with either a physical invasion of a person's property or eavesdropping on another's conversation with the aid of wiretaps, microphones, or spying")
• Signorelli v. State, 2008-TX-V0117.004 (In a criminal context, "Generally, when a third party has equal control over the thing to be searched, the third party may properly consent to the search.")
• Lasater v. State, 2007-TX-V0829.002 (discussing reasonable expectation of privacy and scope of consent, where defendant granted victim limited consent to enter his home, and victim searched for and found evidence she provided to law enforcement)
• But see Tave v. Alanis, 109 S.W.3d 890 (Tex.App., Dallas, 2003) (School district employee's termination affirmed, where employee accessed and subsequently disseminated confidential information (inadvertently left on a computer assigned to him for classroom use) violated the District's policy and constituted conduct could cause the public, students, or employees to lose confidence in the administration and integrity of the District).
So, whereas I found no Texas appellate cases that directly address the fact situation, the cases below from around the country do. In reading through these cases, the advocate should pay particular attention to “effective consent,” (in Minnesota "without authorization," which phrase is defined under Minn. Stat. § 609.87(b)) and the meaning of the phrase “interception of electronic communications.” Although some courts, have held that recorded screen-shots constitute “interception of electronic communications,” (e.g., O'Brien v. O'brien, infra), under the narrow reading of the Wiretap Act adopted by the Fifth, Ninth and Eleventh Circuits, very few seizures of electronic communications from computers will constitute “interceptions.” Larue, Wiechman, Terry, & Turner, Trails from the Aether: Cyber-Evidence, (State Bar of Texas CLE, 2007). The advocate should also consider whether a violation of criminal law by wife (or wife's PI) could translate to liability to the firm as an “accessory after the fact,” and that some judges in similar cases from other states based their discretionary decisions on whether the conduct in obtaining the hard-drive was an unlawful act.
(1) Bailey v. Bailey, 2008 WL 324156 (E.D. Mich)). In this recent case from the US District Court for the Eastern District of Michigan, the parties were married for nearly 30 years and had three children. Husband became suspicious of his wife’s activities and installed keystroke logging software on both home computers, with which he was obtained wife’s e-mail and instant-messaging passwords. Husband used these passwords to access her e-mail and messages and learned of her extra-marital activities. Husband fled the marital home with the parties’ three children. He provided the e-mails and messages to his divorce attorney and petitioned for divorce. A custody dispute ensued and husband’s attorney used the wife’s e-mails to impeach her. Wife lost custody and was granted only supervised visitation. After the divorce action concluded, wife sued ex-husband, his attorney and her attorney. Husband and his attorney were sued for violation of (1) 18 U.S.C. §2511 (the Wiretap Act); (2) 18 U.S.C. §2701 (the Stored Communications Act) against husband; (3) 18 U.S.C. §2512 (Wiretap Act) against the husband, his attorney and a John Doe who supplied the keystroke logging software; (4) MCL § 750.539a et seq. and MCL §750.540 (Michigan’s Eavesdropping statutes) against the husband, his attorney and John Doe; (5) invasion of privacy against the husband and his attorney; (6) intentional infliction of emotional distress against all defendants; and (7) malpractice against the wife’s own attorney.
The Wiretap Act. Wife claim against husband and his attorney was based on their obtaining her e-mails and messages using the password retrieved from the key logger software. Under § 2511 (1)(a), a person violates this Act if he or she “intentionally intercepts…any…electronic communication” (c) “intentionally discloses…any…electronic communication…knowing…the information was obtained through the interception of a …electronic communication in violation of [the Act]” and (d) intentionally uses…any…electronic communication” (c) “intentionally discloses…any…electronic communication…knowing…the information was obtained through the interception of a …electronic communication in violation of [the Act]” Defendants successfully argued that there was no “interception” as defined in the Wiretap Act. The court agreed and reasoned that the key logging software only allowed the husband to learn his wife’s passwords, which he then used to access her e-mail. Since the husband did not obtain the e-mails and messages contemporaneously with the transmission, the court ruled the Wiretap Act was inapplicable. The court also ruled that that § 2512 of the Act does not provide for a private right of action and the court dismissed wife’s claim based regarding husband, his attorney and a John Doe who supplied the key logger software.
Stored Communications Act. Wife contended her husband violated the Stored Communications Act by accessing her e-mails. The Act provided that a person was in violation if that person (a)(1) “intentionally accesses without authorization a facility through which an electronic communication service is provided…and thereby obtains…a…electronic communications while it is in electronic storage in such system…” Although husband accessed the wife’s e-mail on her Internet service provider’s (ISP) server and not from the messages stored on her home computer, he argued, because wife had already accessed her e-mails, the Act was inapplicable. But, the court found that the messages on the ISP’s server were stored for purposes of backup protection (since the wife had already accessed those messages) but that does not take it out of the provisions of the Stored Communications Act and therefore the husband’s motion for summary judgment on this count was denied.
Invasion of Privacy tort claim: The court granted husband’s attorney’s motion for summary judgment because there was no evidence the attorney participated in the “intrusion of another’s seclusion,” as alleged by wife. But, the court stated that the wife had a right to privacy in her private e-mail account. Husband’s defense was that wife could not establish her claim because his actions were not objectionable to a reasonable man, because they were subsequent and based upon his inadvertently discovery of wife’s extra-marital activities, and because they were necessary and prudent to protect his family and children. The court found that an issue of fact existed as to whether or not use of keystroke logging to gain access to the wife’s e-mail was objectionable to a reasonable man. Intentional Infliction of Emotional Distress tort claim: The court dismissed wife’s IIED cause-of-action because the use of the key logger did not constitute “extreme and outrageous conduct.”
(2) In Moore v. Moore, (NYLJ, August 14, 2008, at 26, col 1 [Sup Ct, New York County]), a New York County trial court recently ruled that a wife seeking a divorce can use evidence of her husband’s internet activities with another woman which she found on a computer she took from her husband’s car.
The Moore’s were married in 1963. Wife took a laptop computer from husband’s car just before she petitioned for marital dissolution. According to wife’s attorney, she was searching the computer for financial information when she came upon a large number of salacious instant messages which the husband exchanged with a woman in Texas.
Wife’s counsel informed husband’s counsel she had the computer, and the parties agreed to make forensic images from of the computer’s hard drive. The materials found on the hard drive were repeatedly referred to by the wife in affidavits submitted to the Court without objection by husband.
Subsequently, husband moved to suppress the contents of the hard drive. The Court denied the motion, finding that the wife did not commit a crime or otherwise violate the husband’s rights in taking the computer and copying its contents.
The Court noted that the attorneys for the parties specifically agreed to image the hard drive, and husband waived his objection by not timely moving to suppress the evidence. The Court determined that the computer was a family computer and not a work computer as alleged by the husband. The Court also found that the taking of the computer was appropriate since it was done before the commencement of the dissolution case and was taken from the family car.
(3) In O'Brien v. O'Brien, 899 So.2d 1133 (Fla.App. 5 Dist. 2005), a Florida appeals court ruled that wife “illegally obtained” records of husband’s Internet conversations with another woman as the two played Yahoo Dominoes online. “It is illegal and punishable as a crime under (state law) to intercept electronic communications,” wrote the panel.
The court barred wife from revealing the contents of the intercepted conversations, and said the chat records could not be introduced as evidence in the divorce proceedings. At issue in a civil case arising out of the divorce proceedings was whether the use of the spyware, called Spector, violated Florida's wiretapping law, which provides that a person who “intentionally intercepts” any “electronic communication” commits a criminal act.
Wife's lawyers argued that the monitoring didn't fall under the law's prohibitions and was kin to reading a stored file on her husband's computer--which would not be treated as wiretapping. But the court concluded, “because the spyware installed by the wife intercepted the electronic communication contemporaneously with transmission, copied it and routed the copy to a file in the computer's hard drive, the electronic communications were intercepted in violation of the Florida Act.”
(4) In Gurevich v Gurevich (2009 NY Slip Op 29191) the Supreme Court considered CPLR 4506 5 in the context of matrimonial proceedings in which the wife sought to lead email communications obtained from her husband's email account after the service of the divorce action.
The parties had been married for 16 years prior to separation, during which husband had provided wife with the password to his email account, and during which both parties had access to each others email accounts. After separation, wife changed her email password, but the husband neither changed his, nor told or gave notice to the wife that she was not permitted to access his account.
Husband argued that wife was aware he used one password for all his computer accounts, and that she was unreasonable in her belief that, despite his not changing his password until some two years after separation, she was allowed to access his accounts. Husband argued that the content of his emails were inadmissible under CPLR 4506 by reason that the wife had acted unlawfully under Penal Law 250.05 (hereinafter “eavesdropping statute”). Further, husband argued that the initiation of the divorce proceedings was an implied revocation of any authority previously given to her to access his account. The Supreme Court rejected husband’s contention, holding “there is no statute that would recognize an ‘implied revocation upon service of a divorce action’ and bar the use of the email ‘stored.’”
The court examined the eavesdropping statute and CPLR 4506, and rejected wife's contention that CPLR 4506 did not apply to electronic communications:
She relies on dicta in the case of Pure Power Boot Camp v. Warrior Fitness Boot Camp (587 F.Supp.2d 548 [SD NY 2008]) for the proposition that "[t]he plain language of the statute [CPLR 4506] seems to limit its application to the contents of the overheard or recorded communication[s]'" not electronic communication. However, the U.S. District Court further stated that "[u]ltimately, a determination of the meaning of CPLR § 4506 is unnecessary, and better left to the New York state courts." Furthermore, the court in Power Boot Camp v. Warrior Fitness Boot Camp in a footnote stated “Penal Law section 250.05 explicitly includes "electronic communication . . . .”
Husband argued that CPLR 4506 and the eavesdropping statute were not limited to communication or transmission, but also applied to “the intentional acquiring, receiving, collecting, . . . of an electronic communication, without the consent of the sender or intended receiver thereof . . .”
The Supreme Court considered cases cited by wife and the legislative intent behind the eavesdropping statute (to prohibit the interception of communications, not the access of stored communications) and found that she was entitled to rely on the content of the email transmission:
It is this court's understanding from the reading of the statute, legislative history and case law that the purpose of Penal Law section 250.00 is to prohibit individuals from intercepting communication going from one person to another, and in this case an email from one person to another. In the case at bar the email was not “in transit,” but stored in the email account. Even assuming the husband's facts, as stated, to be true, the wife may have unlawfully retrieved information from a computer; in violation of Penal Law 153.10 but there was no interception and accordingly fails to fall within scope of CPLR 4506 as presently written.
(5) 6 In White v. White, 781 A.2d at 87-88, the family computer and entertainment center were located in the sun room, where the husband slept; the wife and the parties’ children often used the sun room to utilize the computer, watch television, and adjust the stereo volume. It was in the sun room that the wife discovered, fatefully, a letter from the husband to his girlfriend.
Shortly after the wife discovered the letter, she hired a private investigative firm, and unbeknownst to the husband–and without using the husband’s password–the PI firm copied the husband’s files from the computer’s hard drive. Such files contained e-mail sent between the husband and his girlfriend, as well as images [uh-oh] that he viewed on [and apparently downloaded from] Netscape. It was only while being deposed during the divorce proceedings that the husband learned that the wife had accessed his e-mail; he had thought–incorrectly as it turned out–that his e-mail and attachments could not be read without his AOL password. Understandably concerned about his e-mails, the husband sought to suppress the electronic evidence, based on violations of the New Jersey Wiretap Act. The New Jersey court opined that, in order to understand the error of the husband’s thinking, it was necessary to understand the technical workings of America Online Service [“AOL”], the husband’s Internet Service Provider [“ISP], explaining as follows:
[i]ncoming e-mails are received on the AOL e-mail server and are accessible to an AOL user only after dialing in and authenticating with the user’s screen name and password. Also, a user cannot send an e-mail via the AOL server until he has similarly dialed in....AOL’s server receives and maintains the e-mail until the recipient dials into AOL and accesses (seeks to read) his mail. In addition, an AOL user can save his e-mails and attachments on his computer’s hard drive. AOL offers the Personal Filing Cabinet [“PFC”] feature, which is created automatically on the hard drive during the installation of AOL on the user’s computer. The PFC is named for user’s screen name...[A]n AOL user must voluntarily choose to save the e-mail, attachment or address to his PFC or address book. The AOL user can save e-mail, attachments, or addresses either by using the automatic AOL feature or manually. To save automatically to the PFC on the hard drive, the user must select that option in “Mail Preferences.”
Specifically, in the main tool bar, the user chooses “Mail Center,” “Preferences” and then checks “Retain All Mail I Send in My Personal Filing Cabinet” and/or “Retain All Mail I Read in My Personal Filing Cabinet”....Additionally, in the “Notes” section of [the Help screens], AOL informs the user that he can read mail stored in the PFC when he is not signed onto AOL, i.e. the PFC is on the hard drive. Similarly... AOL informs the user that e-mail saved in the PFC will remain on the hard drive until the user deletes it.
Id. at 87-88.
Thus, the only way for the husband to be sure that his e-mail would be saved permanently was to use the PFC file on the his hard drive, because his e-mail could not be saved permanently on AOL’s server. Id. at 88. Not knowing his e-mails were being saved, he took no steps to delete them, nor any steps to protect them with a password, which meant that any computer user could view his PFC and e-mails by simply opening the AOL software on the hard drive, and that was exactly what happened: the wife’ s expert simply opened the AOL software and viewed and copied the husband’s emails.
Turning to the legal issues in the case, the New Jersey court first held that the doctrine of interspousal immunity was inapplicable, and that the New Jersey Wiretap Act applied to unauthorized access of electronic communications of one’s spouse. Id. at 88.
Next, the court noted that the New Jersey act [identical to the federal act] prohibited “access” to electronic information in “temporary, immediate storage,” in backup protection, or in transmission. Id. at 89. The court observed that the e-mail in the hard-drive of the computer was in “post-transmission storage.” Id. Pursuant to the statutory language, the court held that the New Jersey act was not meant to extend to e-mail retrieved by the recipient and then stored, but rather protected only those electronic communications which were in the course of transmission, or were backup to that course of transmission. Id. at 90.
The Court then rejected the husband’s argument that the wife accessed his e-mail “without authorization.” Id. Since other courts had held that “without authorization” meant using a computer from which one has been prohibited, or using another’s password or code use the family computer, the court stated that nonetheless she had the authority to do so. Id. (citations omitted). Additionally, according to the court, the wife did not use the husband’s password or code without authorization, but instead accessed the information in question by roaming in and out of different directories on the hard drive. Id.
Finally, the New Jersey court held that the wife did not “intercept” the husband’s e-mails, since the concept of “interception” did not apply to “electronic storage.” Id. at 91. The husband’s electronic communications had already ceased being in “electronic storage,” i.e., they were in post-transmission storage, and therefore the court held that the wife did not “intercept” them. Id.
1 Under Texas law, a person performing computer forensics analysis must be licensed as a private investigator in that state.
2 Texas is not a no-fault divorce state, and divorces may be tried to a jury.
3 See Minn. Stat. §§ 609.89 (Computer theft) & 609.891 (Unauthorized Computer Access, amended 2006).
4 Minn. Stat. § 609.891 uses the phrase, “without authorization”
5 Under CPLR 4506, (Eavesdropping evidence; admissibility; motion to suppress in certain cases), “The contents of any overheard or recorded communication, conversation or discussion, or evidence derived therefrom, which has been obtained by conduct constituting the crime of eavesdropping, as defined by section 250.05 of the penal law, may not be received in evidence any trial, hearing or proceeding before any court or grand jury, or before any legislative committee, department, officer, agency, regulatory body, or other authority of the state, or a political subdivision thereof; provided, however, that such communication, conversation, discussion or evidence, shall be admissible in any civil or criminal trial, hearing or proceeding against a person who has, or is alleged to have, committed such crime of eavesdropping.”
6 The White v. White case digest is excerpted in its entirety from Larue, Wiechman, Terry, & Turner, Trails from the Aether: Cyber-Evidence, (State Bar of Texas CLE, 2007).