Sophos Cloud Optix
A US judge has ordered that women suing their employer for sexual harassment must hand over passwords for Facebook, email and other social media accounts.
The case was brought by the Equal Employment Opportunity Commission (EEOC) on behalf of some 20 women against The Original Honeybaked Ham Company.
Lead plaintiff Wendy Cabrera and her fellow plaintiffs have charged their manager, James Jackman, with “frequently” groping and making sexual requests of the women who worked for him.
The plaintiffs also claim that they reported Jackman’s behavior to the corporate office, but Jackman’s higher-ups failed to do anything to stop the harassment.
On 7 November, Michael E. Hegarty, a Colorado federal magistrate judge, issued a court order [PDF] declaring Cabrera’s Facebook posts to be fair game for the defendant to use, arguing that posting it in such a public place pretty much nixes any privacy objections.
The precise nature of the material from the court order is as follows:
- Statements that discuss [Cabrera’s] financial expectations in [the] lawsuit;
- A photograph of [Cabrera] wearing a shirt with the word [C***] in large letters written across the front (a term she alleges was used pejoratively against her, also alleging that such use offended her);
- Musings about her emotional state in having lost a beloved pet as well as having suffered a broken relationship;
- Other writings addressing her positive outlook on how her life was post-termination;
- Her self-described sexual aggressiveness;
- Statements about actions she engaged in as a supervisor with Defendant…;
- Sexually amorous communications with other class members;
- Her post-termination employment and income opportunities and financial condition…
Hegarty wrote in his court order that each of these categories is potentially relevant, and the fact that it was stored on Facebook means the claimants have already put it out there — at least in semi-public view:
"If all of this information was contained on pages filed in the 'Everything About Me' folder, it would need to be produced. Should the outcome be different because it is on one's Facebook account? There is a strong argument that storing such information on Facebook and making it accessible to others presents an even stronger case for production, at least as it concerns any privacy objection. It was the claimants (or at least some of them) who, by their own volition, created relevant communications and shared them with others."
In a posting to Eric Goldman’s Techology & Marketing Law blog, Venkat Balasubramani writes that in the realm of the zany, this takes the cake, given that handing over passwords gives away the entire contents of the plaintiffs’ accounts, including irrelevant information or information protected under the Stored Communications Act.
Besides exposing information that’s got nothing to do with the case and which is legally protected from discovery, litigators fumbling around in somebody’s account could well make “unwitting changes”, he writes.
Better, he argues, to manually export the specific material requested.
Justice Hegarty admitted that social media presents “thorny and novel issues” with which courts are only now coming to grips, and that despite Honeybaked Ham’s requests being justifiably relevant, the handover of such material is a “significant intrusion” on the plaintiffs’ “semi-private lives”.
So while he agreed that the women’s social media content should be produced, Judge Hegarty also said he wasn’t sold on all of Honeybaked’s alleged areas of relevant information, is appreciative of privacy concerns, and therefore is using a forensic expert as the data middleman.
The women have been ordered to turn over cell phones used in text messaging, their social media logins, and whatever else is needed to get into email accounts or blogs used during the time covered by the allegations. The forensic expert will step in as necessary to make sure that only legitimately discoverable materials change hands.
What constitutes reasonable expectation of privacy as it pertains to Facebook? The Electronic Frontier’s (EFF) Surveillance Self-Defense Project drills down into Fourth Amendment questions like that, noting that the Supreme Court has stated that:
"The Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed."
The EFF explains that we don’t necessarily have Fourth Amendment protection for the records others keep on us, given that we either freely gave it to them and thereby knowingly exposed it, or it was gathered on public sources:
"It doesn’t necessarily matter if you thought you were handing over the information in confidence, or if you thought the information was only going to be used for a particular purpose."
For what it’s worth, in the comments section to Ars Technica’s coverage of this story, there’s a thoughtful discussion vis-a-vis whether wearing a t-shirt with a pejorative word like “C***” on it disqualifies a person from claiming harassment connected to the use of that same word.
What’s more relevant to the question of cyber privacy, to my mind, is that the court views social media as fair game for discovery, including logins and cell phones.
Be warned: This attitude negates whatever limited privacy we can expect from, for example, limiting who can view our posts.
It’s yet another example of the futility of expecting that we have control over the things we post online, so be careful what you post.
If you don’t want a given Tweet or Facebook post to wind up in front of a hostile lawyer or on the front page of the newspaper, think about not posting it at all.
Online privacy and sexual harassment images courtesy Shutterstock.
EEOC logo courtesy of eeoc.gov.
The Fourth Amendment only allows an American citizen the right to not incriminate themselves, .i.e. the right to remain silent, or to not produce evidence that may implicate them in a crime. As soon as they submit evidence to another party, such as Facebook, then I don't think that right extends to Facebook; indeed, if Facebook withholds that evidence, they could be charged with obstructing a criminal investigation.
@rohaq
You are referring to the Fifth Amendment to the United States Constitution, not the Fourth.
The Fourth Amendment states:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
Thus the debate as to whether we are "secure in [our] persons, houses, papers, and effects…".
Here is a link to a transcript of the Bill of Rights: http://www.archives.gov/exhibits/charters/bill_of…
Exactly what does her facebook account have to do with his sexual misconduct at the work place. That’s bullshit.
It is kind of disturbing the direction this is going in. A large number of people end up cataloging their entire life on places like Facebook and the government in turn looks at that information as fair game. Yet another reason I am glad I am not on any of the social networks.
The judge says the women’s social behavior is fair game? What? This shouldn’t even be a privacy issue. It’s old fashioned character assassination. Isn’t this an attempt to justify the defendant’s behavior? Unwanted advances, no matter how “loose” you are alleged to be (or not to be), are still unwanted.
I hate to use an insignificant analogy, but if I buy a million things from my local Sears over the last few years, the last thing I really want in the evening is to get calls from Sears home services. They may believe they have a right to call me because I am a frequent customer (my behavior), but if I tell them not to call me again, then I would expect their behavior to change, and not call me anymore. If they continue to call me, then that is harassment. My threshold for harassment may be higher or lower than the next person, but once reached, and I so indicate, then it needs to stop.
Even if Sears (or the defendant) believes my behavior justifies their behavior, my insistence that they not bother me again should be enough to stop it. It is harassment to continue their behavior.
Why do they expect the plaintiffs to hand over their log-in details when the e-mail provider & the social network can hand that information over ….. if they have a warrant?
This sounds like a way to by-pass the whole warrant problem to me.
If I am not mistaken, it is against Facebook's Terms of Use to give your password to anyone. If they want the information, they need to issue a valid warrant to Facebook to produce whatever they can prove is there. Shame on the judge!
My grandfather, a Justice of the Peace, long before the advent of personal computers, told me "never put anything in writing that you wouldn't want to appear in court". Sounds as if that's still good advice.
I don't do "facebook", and the more I read like this the less inclined I am to start. Really like CML's comment about Terms o Use.
Why would he need a password for FB? he can just order her to 'friend" an evidence account. But, yes FB is public and not a personal website, but I see horrid abuse if she hands the keys over…