NYPD seizes adorable dog, person too, in retaliation for video-recording in public, attorney-plaintiff alleges

A New York legal aid attorney was arrested, along with her dog, when she started video-recording police, and then she sued for civil rights violation.

Harvey (Compl. ¶ 36)

The NYPD messed with the wrong person. As the complaint tells it, Molly Griffard, an attorney with the Cop Accountability Project of the Legal Aid Society (Equal Justice Works), was walking her dog, Harvey, in the Bedford-Stuyvesant neighborhood of Brooklyn when "she saw police officers remove a young man from a bodega, and drag him around the corner where they lined him up with other young men against a wall."

Griffard began video-recording with her phone. After she crossed the street at an officer's instruction, she started writing down NYPD car plate numbers. An officer refused to give her his business card upon her request, the complaint alleges. Instead, the officer handcuffed Griffard and arrested her, taking her and Harvey into police custody. She was held at the 79th precinct for eight hours, while Harvey, a nine-year-old Yorkie, was held in the kennel.

Admittedly, what caught my attention in the case was not so much the facts, head-shaking inducing as they are, but the story of Harvey. Journalist Frank G. Runyeon, reporting for Law360, and NBC News 4 New York, also were enchanted.

Griffard and her attorney, David B. Rankin, of Beldock Levine & Hoffman LLP, must have been conscious of Harvey's intoxicating adorableness, too, because they included gratuitous glamor shots in the complaint—as I've reproduced here. 

Harvey (Compl. ¶ 20)

At its fringe, the case might be said to implicate animal rights, or at least the rights of owners of domesticated animals. Courts in the United States and elsewhere in the world are coming around to the idea that domesticated animals such as cats and dogs have a value exceeding their market worth as personal property, especially in the area of tort damages when the animals come to harm.

Griffard make no such claim, though, rather using Harvey as evidence to demonstrate her emotional distress at being separated from him and being given no information about his whereabouts while they were held—and, between the lines, to tug at the heartstrings and demonstrate the utter absurdity of her arrest and detainment.

One paragraph of the complaint does allege that seven-pound "Harvey was traumatized by the incident and now takes medication to treat his anxiety disorder." And the count of unreasonable seizure points out that "Harvey missed his dinner."

The case is Griffard v. City of New York, No. 512993/2023 (Sup. Ct. Kings County filed May 2, 2023).

Reversal in eldercare case highlights limits of qualified immunity, low injury threshold of intentional torts

Boston police officer assists an elderly pedestrian in 2014.
(Alex Klavens CC BY 2.0 via Flickr)

A dispute over elder care occasioned treatment of qualified immunity and a range of tort theories by the Massachusetts Appeals Court yesterday.

Gallagher v. South Shore Hospital arose from an apparently mismanaged effort to investigate and redress a report of elder abuse; the report proved unfounded. The plaintiff caretaker and elder man alleged that a police officer and state agent entered their home without sufficient suspicion or warrant and removed the man from the home, and that a hospital then held and tested the man for five days against her and his will.

Most of the court's opinion comprised blow-by-blow facts and the Fourth Amendment analysis. However, the court opined as well on a range of common law tort claims against the defendants: a police officer, a state-contracted elder service agent, and South Shore Hospital, Inc., for trespass, false imprisonment, and battery. The police officer defended on grounds of qualified immunity, inter alia.

In proceedings on various motions, two trial court judges awarded summary judgment to all defendants. The trial courts held the state actors protected by qualified immunity and the tort claims flawed.

In the estimation of the Appeals Court, the trial courts erred. The Appeals Court reversed and remanded as to all defendants, finding that live questions of fact precluded the summary judgments. In my estimation, the error on qualified immunity was informative, and the errors on tort theories were egregious.

In articulating the qualified immunity theory, the police defendant and eldercare agent pointed to a concurrence by Justice Kavanaugh in a 2020 U.S. Supreme Court case, Caniglia v. Strom, in which the Court held unanimously that a warrantless home entry and firearm seizure violated the Fourth Amendment. The Appeals Court explained:

[Officer] Pompeo argues that the facts at bar are similar to the example of an elder welfare check that Justice Kavanaugh described in his concurring opinion in Caniglia. In his example, "an elderly man is uncharacteristically absent from Sunday church services and repeatedly fails to answer his phone throughout the day and night. A concerned relative calls the police and asks the officers to perform a wellness check." Justice Kavanaugh stated that "[o]f course," in those circumstances, the officers may enter the home. Pompeo argues that she reasonably thought [elder plaintiff] LaPlante was injured or in imminent danger on June 25 because no one responded to the doorbell, knocks, or telephone call, and because [caretaker] Gallagher had left LaPlante in the car with strangers two days earlier.

The trial court found these facts to constitute the requisite exigency to enter the home. The Appeals Court disagreed.

The facts in this case are nothing like the hypothetical Justice Kavanaugh described. The implication of the hypothetical is that the elderly man lives alone. LaPlante did not. Moreover, Gallagher and LaPlante were not out of touch or nonresponsive, as was the elder in Justice Kavanaugh's hypothetical. Pompeo and another elder care worker had seen LaPlante two days earlier ... and his appearance was not a cause for concern....

Further, even if Pompeo could see LaPlante on the couch [through a window], neither he nor Gallagher had any obligation to answer the door or respond to the knock. "When law enforcement officers who are not armed with a warrant knock on a door, they do no more than any private citizen might do. And whether the person who knocks on the door and requests the opportunity to speak is a police officer or a private citizen, the occupant has no obligation to open the door or to speak." Kentucky v. King (U.S. 2011). A jury could find that Gallagher's lack of response to a knock on the door when she was not expecting visitors, and her absence from the room in which LaPlante was sleeping, did not give rise to a reasonable belief by Pompeo that LaPlante was unattended and suffering an emergency.

In an age in which the public is increasingly skeptical of police qualified immunity, the analysis is refreshing for taking seriously the doctrine's objective check on police perception. The likely failure of qualified immunity here leaves the state defendants vulnerable to the civil rights and tort claims on remand.

On the tort claims, the trial courts erred egregiously in dismissing for perceived want of injury. My first-semester, 1L Torts students can tell you that none of trespass, false imprisonment, nor battery requires physical injury, in the sense of impact. These intentional torts all balance a higher culpability state with a lower injury threshold. The lower threshold rests upon the theory that tort objectives such as preserving the peace and averting vigilantism justify recognition of insults to personal integrity or honor, even in the absence of physical or pecuniary loss. The notion is as old as the Roman law of iniuria.

As to trespass, the Appeals Court opined, quoting Massachusetts high court precedents, "It has long been the 'general rule' in this Commonwealth that 'possession of real estate is sufficient to enable the parties in possession to maintain an action against a stranger for interfering with that possession.' Proof of injury is not required; 'the action is founded merely on the possession.'"

Similarly, false imprisonment is accomplished by the plaintiff's awareness of confinement, and battery by an "offensive," that is, non-consensual nor justified-by-social-contract, touching of the plaintiff. In false imprisonment, "[i]t is enough if a person's personal liberty is restrained," the Appeals Court opined. And even if the elder man, not legally competent at the time, "was not aware of his confinement, Gallagher, his proxy, was." The court further relied on, while expressly not adopting, similar sentiments in the Second Restatement of Torts.

On each theory, the plaintiff is permitted to prove compensable loss above and beyond the minimal, prerequisite condition of injury. The caretaker alleged that the elder man in fact deteriorated physically while in hospital care, evidenced by an enlarged bedsore and diminished mobility. And the facts established to date indicate that the elder man had been subject to blood and urine testing in the hospital without the consent of the caretaker, his only proxy: a more-than-de-minimis, physical insult.

The same reasoning that unwound qualified immunity negated any defense of emergency on which the trial courts relied to dismiss the tort claims as a matter of law. And the hospital claimed no emergency over the elder man's five-day residency, such as would have justified failing to seek the caretaker's consent.

Finally, I was struck by a footnote the court dropped that speaks not only to the sad facts of this case, but to the broader context of our present, vigorous public policy discussion about the role of police in society and our infrastructure for social services, such as physical and mental healthcare. The court lamented:

[The eldercare agent who precipitated investigation and police involvement,] Bessette[,] and Gallagher were strangers to one another. Perhaps if Bessette had agreed to assist Gallagher by sitting with LaPlante for an hour while Gallagher did grocery shopping, she could have accomplished her investigatory purpose—allowing her to speak with LaPlante alone— and we might not have a case at all. Pasqualone v. Gately (Mass. 1996) (if officer had asked gun owner to voluntarily turn over his weapons after his license was revoked rather than demand them with considerable show of force, we might have a different case).

Recently, my wife and I read in the New York Times Magazine about the "viral nightmare" that exploded at Arizona State University from students' feud over the "multicultural safe space," fueled in no small part by the university's hyper-formalist response.

"If only someone had sat them down and made them listen to each other ... ," my wife sighed.

The instant case is Gallagher v. South Shore Hospital, Inc., No. 21-P-207 (Mass. App. Ct. Oct. 6, 2022) (temporary posting). Justice Vickie L. Henry wrote the opinion for a unanimous panel that also comprised Chief Justice Green and Justice Sullivan.

University proctor's scan of student's bedroom before online exam violates Fourth Amendment

Nicholas Todd's Bedroom Workspace (Nicholas Todd CC BY 2.0)

In a case with implications for remote testing in all public universities, Cleveland State University violated a student's constitutional rights by requiring a visual scan of his bedroom before he took an online exam, a federal court ruled Monday.

Plaintiff-student Aaron Ogletree complained about the visual scan of his bedroom before a remote exam in General Chemistry II in spring 2021.  The court described the process of the Cleveland State testing service: 

First, at the outset of a proctored online exam, whether proctored through an electronic application or an actual person, students must “show their ID next to their face so you can clearly see and read the ID and be able to tell that that person is the same person that is on the ID.” Second, either the proctoring application or the proctor prompts the student to conduct a room scan of his environment. Other students taking the remote test can see the room scans of other students.

Live exams were not permitted at the time because of the pandemic. Ogletree, who lived with his mother and two siblings, said "that he 'currently [had] confidential settlement documents in the form of late arriving 1099s scattered about [his] work area and there [was] not enough time to secure them,'" the court reported. "The proctor testified that she did not see any tax documents or medications."  A recording of the exam including the room scan was retained by a Cleveland State contractor.

Cleveland State sought to exempt the case from Fourth Amendment purview by analogizing to home visits by benefit administrators. The court rejected the analogy:

[T]he Sixth Circuit[] ... accurately reads this line of cases as applying to a fairly distinct set of circumstances materially different than those at issue here: making welfare benefits contingent, for all recipients, on a limited and consensual search to confirm expenditure of the funds for the interest of a child. In contrast, ... this case involves the privilege of college admission and attendance and does not involve a benefit made available to all citizens as of right. Additionally, the record here shows a variable policy—enforced, unevenly, in the discretion of a combination of proctors and professors—of using remote scans that make a student’s home visible, including to other students, with uncertain consequences.

In the Fourth Amendment reasonableness analysis, Cleveland State pointed to Supreme Court precedents that have been generous to K12 public school officials in searching and drug testing students and their possessions. The court agreed with the plaintiff that an adult attaining a higher education by choice is a different matter from the custodial relationship of a school to a minor child.

The room scan moreover was an ill fit with the aim of exam security. Students were able to access their cell phones and to leave the camera view during exams. And the school could have required papers instead of exam, the court suggested.

Cleveland State is hardly the only university to use room scans. Room scans have been touted as a way of ensuring the security of remote exams. Proctoring contractors might use the technique without a university realizing it. And like other remote services precipitated by the pandemic, remote exams might persist for sake of convenience.

Bar exam authorities typically are public entities, too, subject to the Fourth Amendment. The LSAC that administers the law school admission test (LSAT) is a nonprofit corporation, not a public entity, though there might be Fourth Amendment implications if a public law school requires the LSAT for admission. Either way, it's a bad look for an education gatekeeper to violate privacy.

The LSAC partly averts the privacy problem by requiring test takers to clear their environment of distracting or potentially compromising items. Proctors visually inspect only the test taker's workspace. Despite, or even with, such more limited protocols, law exam administrations in the US and UK have generated ugly headlines about students unable to urinate in privacy. Suffice to say, remote testing security is a work in progress.

The case is Ogletree v. Cleveland State University (N.D. Ohio Aug. 22, 2022), the Honorable J. Philip Calabrese presiding. HT @ Monica Chin for The Verge.

Miami Beach looks like a police state; Ocean Avenue shootings happened anyway

In March, I visited Miami Beach and found it to have the feel of a police state.

Uvalde and the shortly subsequent widely reported shootings happened while I was away from the United States, which was something of a mercy. I didn't have to live through the immediate trauma of it all happening again. But thinking about what happened and what could or should be done, including John Oliver's apt skepticism of the perennial calls to harden school security, caused me to remember my experience in March.

I've always liked Miami Beach. The art deco aesthetic combines with Latin-flavored food, drink, and entertainment and incomparable people watching to provide a unique and memorable experience every time. I had not been there, though, in many years, and I was anxious to see how it emerged from the pandemic.

I had a good time revisiting old haunts, but I found the nighttime police presence downright oppressive. Countless cop cars sat with their blue and red lights illuminated all along Ocean Drive and in Lummus Park. Bright spotlights made artificial daylight in the park and on the beach inside the dunes; paths to the ocean were closed. Surveillance cameras were everywhere, perched upon lamppost after lamppost. It was a police state on steroids. (All photos RJ Peltz-Steele CC BY-NC-SA 4.0.)

I could not imagine what had happened that precipitated such security, and I was inclined to be critical. Then, shortly after I returned home and despite what I'd witnessed, news broke of five separate shootings during the main week of spring break. Authorities declared a state of emergency and imposed a midnight curfew to quell further violence, NPR reported.

I have no great insights as to what is going on at Miami Beach. I can only say that one of my favorite places, a vacation destination in the United States, looks more like a police state than actual police states I've visited abroad. And that didn't avert five shootings.

I don't have the answers, but making more places look like what Miami Beach has become doesn't seem to be one.

U.S. White Paper on 'Schrems II': Emperor still clothed

A new U.S. white paper on data protection means favorably to supplement the record on U.S. surveillance practices that, in part, fueled the European Court of Justice (ECJ) decision in "Schrems II," in July, rejecting the adequacy of the Privacy Shield Framework to secure EU-to-US data transfers.

From the U.S. Department of Commerce, Department of Justice, and Office of the Director of National Intelligence, the white paper suggests that the ECJ ruling was interim in nature, pending investigation of U.S. national security practices to better understand whether they comport with EU General Data Protection Regulation norms, such as data minimization, which means collecting only data necessary to the legitimate purpose at hand.  The paper states:

A wide range of information about privacy protections in current U.S. law and practice relating to government access to data for national security purposes is publicly available.  The United States government has prepared this White Paper to provide a detailed discussion of that information, focusing in particular on the issues that appear to have concerned the ECJ in Schrems II, for consideration by companies transferring personal data from the EU to the United States. The White Paper provides an up-to-date and contextualized discussion of this complex area of U.S. law and practice, as well as citations to source documents providing additional relevant information. It also provides some initial observations concerning the relevance of this area of U.S. law and practice that may bear on many companies’ analyses. The White Paper is not intended to provide companies guidance about EU law or what positions to take before European courts or regulators. 

Armed with this additional information, then, the message to the private sector seems to be, Keep Calm and Carry On, using the very same "standard contractual clauses" (SCCs) that the ECJ invalidated.  Yet if the information featured in the white paper has been publicly available, why assume that the ECJ was ill informed?  (Read more about SCC revisions under way, and their likely shortcomings, at IAPP.)

Unfortunately for the U.S. position, the ECJ opinion was not, to my reading, in any way temporary, or malleable, pending further development of the record.  The white paper comes off as another installment in the now quarter-century-old U.S. policy that the emperor is fully clothed.

I hope this white paper is only a stop-gap.  As I said in a Boston Bar CLE recently, no privacy bill now pending in Congress will bridge the divide between the continents on the subject of U.S. security surveillance.  A political negotiation, which might involve some give from the American side at least in transparency, seems now to be our only way forward.

The white paper is Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for EU-U.S. Data Transfers after Schrems II (Sept. 2020).

Recent commentaries ponder privacy in license plates, history of animal identity

Two blog entries tangentially related to areas of interest of mine crossed my desk this week.

CC TV (Adrian Pingstone CC0)

Privacy law.  For The Volokh Conspiracy at Reason, UC Berkeley Professor Orin Kerr wrote about the Massachusetts Supreme Judicial Court decision in Commonwealth v. McCarthy, No. SJC-12750, on April 16.  The Court considered the implications of automatic license plate readers under the Fourth Amendment, concluding that there are constitutional consequences, if not resulting in a violation of the defendant's rights in the instant drug case.  Kerr considers the case relative to the Supreme Court's 2018 cell-tower-location decision, Carpenter v. United States, and against the background of his own work on mosaic theory in privacy law (he's not a fan).  In a purely civil context, mosaic theory, born in the national security arena, has long been a key underpinning of personal privacy rights in their encroachment on the freedom of information, an accelerating conflict in the information age.  The commentary is "Automated License Plate Readers, the Mosaic Theory, and the Fourth Amendment: The Massachusetts Supreme Judicial Court Weighs In" (Apr. 22, 2020).

Peacock plumage (Jatin Sindhu CC BY-SA 4.0)

Animal law.  Evolution of animals at law was the subject of an Earth Day commentary for Legal History Miscellany by history Professor Krista Kesselring at Dalhousie University in Nova Scotia.  She traced the historical change in cultural and common law regard for animals from aesthetic adornment, to property of utility, to something, perhaps, at last, with intrinsic value.  The commentary is "Can You Steal a Peacock? Animals in Early Modern Law" (Apr. 22, 2020).  U.S. courts have evidenced a dawning recognition of animals as more than mere personal property, even in a civil context, moving beyond welcome developments in criminal anti-cruelty statutes.  The nascent trend is evident and needed especially in the area of tort damages, in which the valuation of a pet as an item of property fails profoundly to account for real and rational emotional suffering upon loss.  See furthermore the recent: Richard L. Cupp, Jr., Considering the Private Animal and Damages (SSRN last rev. Apr. 2, 2020).  HT @ Private Law Theory.

COVID-19 stresses United States on domestic borders; war analog might foster state solidarity upon federal power

Rhode Island Governor Gina Raimondo was recently
threatened with a lawsuit by New York Governor Andrew
Cuomo.  U.S. Air National Guard Photo
by Master Sgt Janeen Miller (2016).

I have just published at the new blog, Law Against Pandemic. Here is the abstract:

The coronavirus pandemic is stressing not only our healthcare systems, but our political and legal systems.  The pandemic has challenged our sense of identity in humankind, pitching us back and forth between a spirit of global solidarity and a competition of human tribes for resources and survival.  That tension plays out in our political and legal responses to the pandemic, manifesting the natural human temptation to tribalism in both international and intranational dimensions.

As policymakers struggle to respond to the pandemic and to curb the outbreak of COVID-19, I have been struck by the emergence of interstate tensions in the United States.  The pressure of the pandemic, aggravated by a slow and uncertain governmental response at the federal level, has been a brusque reminder that the United States are a plural: a federation of states that famously endeavored “to form a more perfect Union,” but that, like human governance itself, remains a work in progress.

Read more at the new blog, Law Against Pandemic

 

Revenge porn law can survive First Amendment scrutiny by requiring 'actual malice'

Last week a Tyler, Texas, appellate court struck the state’s criminal revenge porn law as fatally overbroad, so facially unconstitutional, under the First Amendment to the federal Constitution.  The ruling garnered headlines heralding the unconstitutionality of revenge porn law, which could have big implications in privacy law and policy nationwide—even ramifications for U.S. foreign relations.

However, the court’s ruling was not so broad as headlines have suggested.  In fact, the court gave wise and constructive feedback on what a revenge porn law needs to look like to pass constitutional muster—which it can.  It seems in the end that the Texas law was just not well drafted.  Accordingly, the revenge porn laws that have proliferated in the United States, now in 38 states (collected at Cyber Civil Rights Initiative), should be scrutinized and, if necessary, corrected.  (Constitutional problems with Vermont and Arizona laws were mentioned just today by the U.K. Register, here.)

The Texas case, Ex parte Jones, No. 12-17-00346 (Tex. Ct. App. Apr. 18, 2018), involved a criminal information against Jones under Texas Penal Code section 21.16(b), which criminalizes the “unlawful disclosure of intimate visual materials.”  The statute reads:

A person commits an offense if:

  (1) without the effective consent of the depicted person, the person intentionally discloses visual material depicting another person with the person’s intimate parts exposed or engaged in sexual conduct;

  (2) the visual material was obtained by the person or created under circumstances in which the depicted person had a reasonable expectation that the visual material would remain private;

  (3) the disclosure of the visual material causes harm to the depicted person; and

  (4) the disclosure of the visual material reveals the identity of the depicted person in any manner[.]

The statute, section 21.16(a), furthermore defines “visual material” broadly (“any film, photograph, videotape, negative, or slide or any photographic reproduction that contains or incorporates in any manner any film, photograph, videotape, negative, or slide,” as well as electronic transmission) and “intimate parts” specifically (““the naked genitals, pubic area, anus, buttocks, or female nipple of a person”).

The court’s First Amendment analysis was sound.  The court applied de novo review to test the constitutionality of a criminal statute.  The court rejected a narrow construction that would confine the law to mere obscenity, as stringently defined by federal precedent.  Because the statute is then a content-based restriction of expressive content, the court charged the government with the burden of rebutting presumptive unconstitutionality.  The State conceded at oral argument that the law must survive strict scrutiny, i.e., advance a compelling state interest and be narrowly tailored to do so.  Intimate privacy passes muster on the first prong, but the statute facially fails narrow tailoring.  The court acknowledged that overbreadth doctrine is “strong medicine”; nevertheless, the statute could not measure up.

The court illustrated the statute’s fatal flaw with a hypothetical, unattributed so presumably original, that seems drawn from a law school or bar exam:

“Adam and Barbara are in a committed relationship. One evening, in their home, during a moment of passion, Adam asks Barbara if he can take a nude photograph of her. Barbara consents, but before Adam takes the picture, she tells him that he must not show the photograph to anyone else. Adam promises that he will never show the picture to another living soul, and takes a photograph of Barbara in front of a plain, white background with her breasts exposed.

“A few months pass, and Adam and Barbara break up after Adam discovers that Barbara has had an affair. A few weeks later, Adam rediscovers the topless photo he took of Barbara. Feeling angry and betrayed, Adam emails the photo without comment to several of his friends, including Charlie. Charlie never had met Barbara and, therefore, does not recognize her. But he likes the photograph and forwards the email without comment to some of his friends, one of whom, unbeknownst to Charlie, is Barbara’s coworker, Donna. Donna recognizes Barbara and shows the picture to Barbara’s supervisor, who terminates Barbara’s employment.”

“In this scenario,” the court observed, “Adam can be charged under Section 21.16(b), but so can Charlie and Donna.”

Therein lies the problem: not necessarily as applied to Adam, but as applied to Charlie and Donna, who are ignorant of the circumstances under which the photo came to be.  Certainly Charlie, who received the photo from Adam “without comment,” might as well believe that Adam ripped the photo of a stranger from a pornographic website.  However indecent the photo, both Charlie and Donna have a First Amendment right to communicate the photo “downstream.”  Yet without Barbara’s consent, Charlie and Donna run afoul of the revenge porn law.  Given the ease with which persons can share visual images in the age of electronic and online communication, the court found “alarming breadth” in this potential criminalization of expression.  In First Amendment overbreadth doctrine, a facially overbroad criminal law must be ruled unconstitutional even if it might be constitutional as applied to the defendant before the court.

The court distilled the law’s flaws in two dimensions related to culpability.  Typically of a criminal prohibition, the statute requires intent.  But intent pertains only to the republication of the image.  The statute does not require that the actor have “knowledge or reason to know the circumstances surrounding the material’s creation, under which the depicted person’s reasonable expectation of privacy arose.”  Second, the statute does not require “intent to harm the depicted person,” or even knowledge “of the depicted person’s identity.”  Borrowing the language of civil law (meaning common law tort), one would say that the statute requires volitional intent, but not intent to commit a wrong or to cause an injury.

The requisite intent to survive constitutional challenge may be likened to “actual malice,” which is used in both civil and criminal defamation law to describe “knowledge of falsity or reckless disregard of truth or falsity.”  In the context of revenge porn, a constitutional law might require “actual knowledge of the depicted person’s reasonable and continuing expectation of privacy in the image, or reckless disregard of same.”  If Charlie knew the identity of Barbara, so might infer the circumstances under which the photo had been taken, then the State might at least allege recklessness.  Donna, who did know Barbara’s identity, might be charged.  But she should be entitled to defend upon a qualified privilege, borrowed again from common law defamation, to share information in the interest of a recipient or third party when the defendant should disclose according to general standards of decency.  A corrected statute would hold Adam accountable without a constitutional problem.

Also just last week, the Rhode Island legislature (my home state) passed a revenge porn bill (2018-H 7452A) that has the support of the Governor Gina Raimondo (AP).  Raimondo vetoed a revenge porn bill in 2016, objecting on free speech grounds (Providence Journal).  Her position now is bolstered by the Texas decision in Jones.  Beefing up the intent requirement is precisely one of the R.I. legislative fixes that brought the latest bill to fruition.  The Rhode Island bill requires that the defendant intentionally disseminated, published, or sold “[w]ith knowledge or with reckless disregard for the likelihood that the depicted person will suffer harm, or with the intent to harass, intimidate, threaten or coerce the depicted person.”

I still have qualms about extending the “reasonable expectation of privacy” (REP) standard—which is drawn from Fourth Amendment jurisprudence as a bulwark against improper state action—being extended into the realm of private criminal or civil liability.  REP is potentially much broader than the intimate-depiction definitions of revenge porn laws.  And criminalization and civil liability are not the same.  Even though criminal defamation is constitutional when qualified by actual malice, contemporary human rights norms discourage the criminalization of expression at all.

At the same time, I have argued in favor of evolving U.S. law to recognize downstream control of private information, in consonance with both American values in the information age and emerging global legal norms.  Revenge porn laws—as against Adam, to the exclusion of Charlie and Donna—are a modest step in that direction, which European observers will welcome of us.  We will have to remain vigilant to continue to protect freedom of expression in tandem with expanding privacy rights, especially in a time in which the latter at the expense of the former is the fashion.  Conscientious actors such as the Jones panel (Worthen, C.J., and Hoyle and Neeley, JJ.) and Governor Raimondo are doing well, so far.

SCOTUS 'Microsoft' privacy case likely moot, R+C blog reports

It looks like we won't get an answer from the U.S. Supreme Court in the Microsoft privacy case.  For the Data + Privacy Security Insider at Robinson + Cole, Kathleen Porter and Connor Duffy report that the Government and Microsoft agree that the case was mooted by the CLOUD Act, signed into law in March as part of omnibus spending legislation. 

The CLOUD Act gives the Government the authority to compel Microsoft to produce the sought-after data, whether stored at home or abroad, and the Government already has attained a warrant under the new law.  Microsoft's reported statement indicates that the company's position was exonerated insofar as it maintained that the legislature was the appropriate branch of government in which to resolve the matter.

I wrote about Microsoft and the pending Carpenter case for the winter 2017 newsletter of the Privacy, Cybersecurity & Digital Rights Committee of the ABA Section of International Law (published just last month, March 2018).

Fourth Amendment privacy case, set for oral argument Nov. 29, touches on US-EU data protection divide

I've published a short preview of Carpenter v. United States, 819 F.3d 880 (6th Cir. 2016), cert. granted, No. 16-402 (U.S. June 5, 2017) (SCOTUSblog), a Stored Communications Act, 18 U.S.C. § 2703(d), set for oral argument in the U.S. Supreme Court on Wednesday, November 29.  Here's an excerpt; link below to the full article and the ABA publication in which it appears.

U.S. Supreme Court accepts cell phone privacy case with transnational implications

A privacy case headed to the U.S. Supreme Court will give justices an opportunity to examine “the third-party doctrine” in U.S. constitutional law. The doctrine manifests a central feature of American privacy policy, marking a divide that has flummoxed transnational data transfer negotiators.

*  *  *

The urgent problem on the transnational scene is that the secrecy paradigm is incompatible with emerging global privacy norms. In EU data protection, for example, privacy follows data downstream. A person can divulge information with strings attached, and the strings are enforceable against subsequent recipients, such as Internet retailers. Even in public places, a data collector, such as a surveillance camera owner, has affirmative obligations to captured subjects. This incompatibility goes a long way to explain the incongruence of European apoplexy and American nonchalance in reaction to global surveillance by the U.S. National Security Agency.

*  *  *

However suspenseful, Carpenter proffers bad facts to kill the third-party doctrine outright. As the Sixth Circuit observed, ordinary people know that cell phones communicate with nearby towers, and their location data are not as damningly precise as GPS. The privacy intrusion was therefore modest, and statute afforded some safeguard. What will be interesting to see in Carpenter is whether more justices lend their voices to the Alito or Sotomayor position, and whether the replacement of Justice Scalia with Justice Gorsuch unsettles the Court’s fealty to originalism.

Read the article at pp. 5-6 of the fall 2017 newsletter of the Privacy, Cybersecurity & Digital Rights Committee of the Section of International Law of the American Bar Association, available here in PDF. 

Intimate large parties and the duty to protect privacy

I had to take a blog break over the holidays in order to get a hefty book read and to write a review of it.  I’ll post on that when it comes closer to publication.  Meanwhile, my, how the world has changed!  Let me kick off the new year with a look at some related developments in privacy law.

As Marion Oswald of the University of Winchester wrote recently for the journal of Information Communication & Technology Law (open source), to paraphrase, privacy ain’t what it used to be.  Oswald opened with a quote from The Great Gatsby, so it goes without saying that that needs to be reiterated here.  She wrote,

At one of the Great Gatsby’s spectacular parties, the golf champion Jordan Baker remarked to Nick Carraway that she likes large parties: “They’re so intimate. At small parties there isn’t any privacy.”

From that paradox, Oswald builds the case that privacy must be redefined to protect individuals in the digital world.  She observes the inadequacy of the “reasonable expectation of privacy” (REP) test—the U.S. Fourth Amendment standard—given the objective test’s tendency to drive itself to extinction in a world of objectively diminishing privacy.  Kade Crockford with the ACLU of Massachusetts articulates this point brilliantly in her lectures.  Oswald is not the first to reach her conclusion, but she does so compellingly.

Two recent cases, from Pennsylvania and Massachusetts, reached different conclusions on the question of a corporate defendant’s duty to safeguard private data.  The cases show the struggle under way in U.S. courts to do just what Oswald proposed—to redefine privacy in the digital age.  The United States is increasingly at odds with Europe, and for that matter the rest of the world, on this question.  Heralded as a modern human right in Europe, data protection is a burgeoning global legal field—and corporate obligation.

Duty

First, a quick primer on duty in U.S. tort law.

Tort law in the United States usually provides for a “duty” by “default” in negligence—that is, all persons owe to all other a persons a duty to exercise reasonable care (or not to act negligently), to avert harm to all others.  But the default rule of duty is subject to some important limitations.   

One limitation is the economic loss rule, which circumscribes negligence liability.  The rule precludes a plaintiff’s action for nonphysical, economic injury alone.  There are plenty of exceptions to the rule, and some scholars even think it’s not really a rule at all.  For example, negligent misrepresentation, which is like fraud but without intent, can be supported by economic loss within the context and expectations of a business relationship.

Defamation and privacy torts can generate what looks like economic injury, but really are animated by their own, sui generis classes of damages to reputation and personality.  U.S. privacy torts push in the European direction, but generally do not protect data voluntarily disclosed to third parties, such as employers and banks—a relation of the REP problem.  That means no protection in privacy torts for financial data, even though it’s the stuff of identity theft.

The other limitation on duty by default is that U.S. law imposes no affirmative duty to protect, or to render aid.  This rule, too, is subject to many exceptions, such as a parent’s duty to protect a child, contractual and statutory duties to protect, and a duty not to abandon a rescue undertaken.

Here like in privacy law, European legal codes diverge from U.S. common law with a greater willingness to impose affirmative duty.  In the United States, the affirmative-duty limitation also can relieve a corporate entity of a duty to safeguard data when the injury to the plaintiff is caused much more immediately by an intervening bad actor, such as the hacker or identity thief.  (The problem in proximate causation is integrally related.)

So on to the cases.  Remember, "[i]t takes two to make an accident."

Pennsylvania

A January 12 Pennsylvania court decision, Dittman v. UPMC (Leagle) held that an employer had no duty to safeguard employees’ private information on a workplace computer.  (Hat tip to Richard Borden at Robinson + Cole.)  University of Pittsburgh Medical Center (UPMC) employees numbering 62,000 alleged disclosure of personal information in a data breach, resulting in the theft of identities and of tax refunds.

The court applied a five-factor test for duty: 

1. the relationship between the parties;

2. the social utility of the actor's conduct;

3. the nature of the risk imposed and foreseeability of the harm incurred;

4. the consequences of imposing a duty upon the actor; and,

5. the overall public interest in the proposed solution.

UPMC prevailed in common pleas and superior courts, the latter 2-1, arguing that it owed no duty to protect the plaintiff’s interests.  On the affirmative duty question, the court pointed to attenuated causation and professed willingness to defer to the state legislature.  As summarized by Brian J.Willett for the Reed Smith Technology Law Dispatch: 

The Superior Court observed that the social utility of electronic information storage is high, and while harm from data breaches is foreseeable, an intervening third party stealing data is a superseding cause.

Additionally, the Court explained that a judicially created duty of care would be unnecessary to motivate employers to protect employee information, as “there are still statutes and safeguards in place to prevent employers from disclosing confidential information” in addition to business considerations.

Finally, the Court agreed with the trial court’s conclusion that creating a duty in this context would not serve the public interest; rather, it would interrupt the deliberative legislative process and expend judicial resources needlessly.

The court then bolstered its conclusion by pointing to the economic loss rule as well. 

Massachusetts

Just before the holiday break in December, a Massachusetts Appeals Court also decided a case in which the plaintiff alleged an employer’s negligence in safeguarding private data—though the plaintiff was a client of the employer rather than an employee.

The facts recited by the court in Adams v. Congress Auto Insurance Agency, Inc. (Justia), have the makings of a docudrama.  According to the court, Thomas was fleeing police at high speed when he crashed his car into Adams's.  Thomas was driving the car of his girlfriend, Burgos, so Adams claimed against Burgos’s auto insurance.  Meanwhile Burgos was both customer and customer service manager of defendant insurance agency Congress.  She reported her car stolen and filed her own insurance claim. 

Adams could identify Thomas.  So Burgos used her computer access at work to identify Adams and passed his identity to Thomas.  Thomas then phoned Adams, impersonated a state police officer, and threatened Adams: “‘Shut the F up and get your car fixed or you will have issues,’” the court purported to quote.  Though I bet Thomas didn’t say just “F.”

Adams sued Congress on multiple theories, including negligent failure to safeguard private data.  At the trial level, according to the appeals court, “the motion judge . . . rul[ed] that expert testimony was required to establish whether the agency owed a duty to Adams to safeguard his personal information, what that duty entailed, and whether the agency breached that duty.”

It’s odd that the motions judge sought expert testimony, because, as the appeals court aptly observed, duty is unique among the four elements of negligence—duty, breach, proximate cause, and injury—for being purely a question of law, guided by public policy.  Courts do not ordinarily hear expert testimony on what the law is.  The theory goes that figuring that out is the judge’s main job.  (Too bad, or being a law professor would be more lucrative.  I was gently tossed from the witness stand once when a lawyer made a valiant but futile attempt to squeeze me past the rule.)

Unlike the Pennsylvania Superior Court, the Massachusetts Appellate Court found its way to a legal duty.  The court held “that the agency had a legal duty to Adams, a member of a large but clearly defined class of third parties, to prevent its employee’s foreseeable misuse of the information that Adams provided to process his automobile insurance claim.”  Where the Pennsylvania court had pointed to statute to justify judicial restraint, the Massachusetts court pointed to state data breach law to show that the legislature had green-lighted legal duty (albeit "a single green light, minute and far away").

“Just as those with physical keys to the homes of others have a duty of reasonable care to preserve their security,” the Massachusetts court reasoned, “companies whose employees have access to the confidential data of others have a duty to take reasonable measures to protect against the misuse of that data.”  Indeed, the court cited a keys case as applicable precedent.  The court made no fuss over the rule of affirmative duty or the rule of economic loss.  In a discussion of causation, the court seemed content to resort to foreseeability on the facts.

Summary judgment for defendant Congress was vacated, and the case was remanded for trial.

Conclusion

Advocates who wish to block European-style data protection in the United States use the availability of state tort law remedies as one tool in the toolbox to argue that U.S. law already sufficiently safeguards personal data from both sides of the Atlantic.  That’s not true.  Not yet.

Data protection in the United States is confounded by the rules of affirmative duty and economic loss.  And that’s not bad; those rules exist for sound public policy reasons.  They also are excepted for sound reasons.

I’ve written before (e.g., here and here) that popular thinking and expectations with respect to individual privacy are converging in the United States and Europe, even if a legal bridge lags behind.  Common law negligence can be a vital building block of that bridge.  But it’s a work in progress.

“‘Don’t believe everything you hear, Nick.’”