Tuesday, June 28, 2011

630 Million Weiners With No Protection: How Far Does the Stored Communications Act Go to Stop Subpoena of Your Social Postings?

There was a time when people didn't realize how they could hang themselves with emails.  That was long ago, before corporate executives went to jail based on impulsive emails admitting their nefarious intentions.  Now corporations have standard policies against putting incriminating statements in emails.  [They word those policies more circumspectly than I do however].  

We are now in a similar cultural transition.  People are coming to understand that what your write on Facebook may not stay on Facebook.  I am seeing it in the employment law arena when employees are being fired for blasting their bosses on social media sites.  

The law has always limped along behind the technology.  Technology creates, and the law reacts.  Even the system of justice is incredibly slow through the appellate process.  The "lag time" can be years.  In 1986, Congress enacted the Stored Communications Act or "SCA."  The law prevents communication providers of "communication services" from divulging private communications to certain entities and individuals.  Crispin v. Christian Audigier Inc. (C.D. Cal. 2010) 717 F.Supp.2d 965, 971-972.   Fifteen years later courts are trying to apply a law that never envisioned the privacy issues posed by social media.  Even when the law is "out ahead," as with the SCA, it is chronically behind. 

The "SCA" addresses the limits of third party service providers.  It does not address the duties of a party to a litigation to release his own information in response to a subpoena or discovery request.  One implication of this fact is that the party to a case may have a duty to go directly to the social site host to request and obtain information in storage about him.  

I once had a case where a prospective employer, as a condition of offering employment, required the applicant to release her username and login for her Facebook site to allow the employer to complete a "background check."  Without discussing the details, this kind of overreaching attempt to conduct a general search of one's social site postings not otherwise available can be an invasion of privacy if the circumstances indicate that the consent to the search is obtained by duress and undue influence.  Although I have not brought a "Wrongful Denial of Employment" case, there is no reason why such a theory cannot support damages if the Applicant can prove that she would have been hired but for the refusal to allow the open ended search into her "private" matters.  

Even social media profiles visible to the public may be called into question because of the ability to fake an identity [I pretend to be you, use your identity, and post a fictional world of information about you] or to alter images digitally.  Lawyers still must face the sticky question of "authenticating" the profile information as accurate, and unaltered by a third party. Lawyer lesson learned:  if you are going to use it, set the foundation for its admission.  

Conclusion:  In the end, the SCA is an anachronism that Courts will not apply mechanically to social networking.  The real protection is your own common sense that when you do something "social" your privacy expectation is practically non-existent.  I predict courts will expand discovery of social network postings, but require the scope of the "fishing expedition" to be limited, and require authentication that the source of the information is the party who allegedly posted it.