DIVORCE – PRIVACY STATUTES – E-MAIL – UNAUTHORIZED ACCESS – DEFENSES – EMPLOYER’S CORPORATE AUTHORITY AND RESPONSIBILITY — PLEADING — STANDARD FOR MOTIONS TO DISMISS — MERE CONCLUSORY ALLEGATIONS. An Eastern District (Alexandria Division) case, preliminary because the case is still in the demurrer/summary judgment phase, is unpleasantly complex and weird. Still, it holds a number of instructive lessons for divorce practitioners here, who constantly struggle with the issues posed by e-mail snooping – and of course the outraged and indignant accusations that are always brought by spectacularly guilty “victims” thereof. In this suit brought by the business-partner/wife of the business-partner/husband who did the successful “accessing,” the federal judge threw out some counts, but let others stand. Let’s see what his reasoning was. Yes, the wife can sue her husband and so can the LLC lobbying business that they had, which is now represented only by the third of the three partners. They can do so not only under federal statutes but under Virginia law, for the alleged unauthorized access that the husband got to what is described as the wife’s business e-mail account. (He had apparently got the first password simply by looking at his own computer, on/in which she had put it when they were still friends, and inadvertently forgot to remove it.) What’s the damage she alleges? That the knowledge husband gained prejudiced her during divorce negotiations. (Does this mean they’ve already settled the divorce with an agreement, or did that negotiation go nowhere? And either way, how can she sue about that? — a simple divorce lawyer might ask). Husband wanted to dismiss all of the counts that wife brought under state and federal statutes, but the judge gave him only partial relief. First, the Electronic Communications Privacy Act, 18 U.S.C. §2511(1)(a), and the Virginia parallel statutes, Code §19.2-62(A), require “interception” as defined therein, and the wife and corporation failed to allege that. They alleged that they successfully stopped the husband by wife’s change of her e-mail account password, so that he had to ask the IT consultant (unsuccessfully) for it. That’s not the same thing as intercepting e-mail messages during their transmission and before they have reached the intended recipient account on the server. And whether wife had actually read them or not, they had definitely reached their destination before husband did anything effective. Thus they were not “transmissions,” which are the sorts of things you can “intercept.” Also dismissed were two counts under §18.2-162.3, as neither statute nor Virginia case law supports the claim that simply reading an electronic communication is §18.2-162.3 “Conversion of Property.” Another count was dismissed because it failed to state a claim for unauthorized examination of personal information without saying, at least in some way or another, what that plundered personal information was. After all, §18.2-152.5 requires that. A lot of issues in this pending case swirl around the question of husband’s status in the partnership. Five counts allege civil liability because he acted without authority or exceeded his authority in using “a computer network” — whatever that phrase (see earlier FLN article on the dumbness of that statutory term) stands for these days. These counts all include and hinge upon a prohibition against unauthorized access, and husband contended that he was fully authorized: he contended that Florida law allows the manager of an LLC total access to computer networks, including the password-protected accounts of co-managers like his wife. One of the reasons the court did not buy that is that he cited no Florida statute or case law saying so. The federal judge does make the interesting point that in addition, the concept of “access” cannot ever turn simply on a business title or position, because computer networks have “expected norms of intended use,” which is a matter of proof for trial – and the plaintiffs’ pleadings really show that such an inquiry will be needed. They say that he used someone else’s password to gain access to this account and had no legitimate business reason. This is enough of a factual issue to withstand a motion to dismiss. Global Policy Partners LLC v. Yessin, ___ F. Supp. 2d ___, 24 VLW 698 (11/24/09). (The language about “expected norms of intended use” comes from U.S. v. Phillips, 477 F.3d 215, 219 (5th Cir. 2007).)
Incidentally, the Computer Fraud and Abuse Act (CFAA) is 18 U.S.C. §1030(a), the Electronic Communications Privacy Act (ECPA) is 18 U.S.C. §2511, the stored Communications Act (SCA) is 18 U.S.C. §2701, and the three Virginia statutes were Code §§ 18.2-152.3, and .5, and §19.2-62(A).
Apparently husband when he had access read some e-mails coming to his wife from her lawyer which she had not yet read. She alleged that the snooping was discovered, or suspected, when he began to use phrases during negotiations that she and the divorce lawyer had used in e-mail conversations. When she changed her password on June 25, 2009, his attempts to get the new one from the IT specialist were unsuccessful. Further offenses concerned attempts to get into her e-mail. Damages that were alleged to the LLC were that the compromise had impaired the value of their computer system and forced them to spend money to secure the network, and that the damages to her were a “loss of bargaining power” in her on-going divorce proceedings.
The problem with the claim that husband “obtained, embezzled, or converted property” under one of the Virginia statutes is that none of the allegations gives rise to a plausible inference that he viewed the “employment or financial information” that one of the Virginia statutes requires.
In case you wondered, in throwing out several of the wife’s counts, the federal court shows that it is well aware of “the tenet that a court on Motion to Dismiss or Summary Judgment must accept as true all of the allegations contained in a complaint”. But it also notes that that rule “is inapplicable to legal conclusions,” citing Ashcroft v. Iqbal, 129 S. Ct. 1937, 1949 (2009), and Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 570 (2007). It added from Walker v. Prince George’s County, No. 08-1462 (4th Cir., July 30, 2009), that “Threadbare recitals of the elements of a cause of action, supported by mere conclusory statements, do not suffice.” That of course describes the claims wife made and how she phrased them.
Specifically, the Court holds that interception “does not include “accessing” the messages stored on a destination server.” Of course once it gets there, it becomes “stored communication” within the meaning of the Stored Communications Act. However, violations of that Act, do not constitute interception within the meaning of ECPA or Virginia §19.2-62. It does not matter whether the intended recipient person has actually read the e-mail messages on the server at the time: what controls is where they are. Plaintiffs argued in reply that they had used the word “intercepted” at least 13 times in their complaint, but as the Court had previously explained, the answer to that is “So what?”, since that is a mere conclusory recital. As for the allegation that the husband gained strategic information in the pending divorce proceedings, the Court holds that “legal strategy does not fall into any of the [§18.2-152.5] statute’s enumerated categories either literally or [by] ejusdem generis … .”