Freedman v. America Online, Inc.

303 F. Supp. 2d 121 | D. Conn. | 2004

303 F.Supp.2d 121 (2004)

Clifton S. FREEDMAN, Plaintiff,
v.
AMERICA ONLINE, INC., the Town of Fairfield, and Detectives William Young and David Bensey (individually and in their official capacities) Defendants.

No. CIV. 303CV1048PCD.

United States District Court, D. Connecticut.

February 4, 2004.

*122 Calvin Kin-Meng Woo, Pepe & Hazard, Southport, Daniel J. Klau, Pepe & Hazard, Hartford, CT, for Clifton S. Freedman, Plaintiff.

C. Colin Rushing, Wilmer, Cutler & Pickering, Washington, DC, Rowena Amanda Moffett, Brenner, Saltzman & Wallman, New Haven, CT, Samir Jain, Wilmer, Cutler & Pickering, Washington, DC, Mark A. Perkins, Maher & Murtha, Paul E. Pollock, Bai, Pollock, Blueweiss & Mulcahey, Thomas M. Murtha, Maher & Murtha, Bridgeport, CT, for America Online Inc, Town of Fairfield, William Young, Detective, I/O, David Bensey, Detective, I/O, Defendants.

RULING ON PLAINTIFF'S MOTION FOR PARTIAL SUMMARY JUDGMENT[1]

DORSEY, District Judge.

Plaintiff moves for partial summary judgment on the issue of liability on Counts One, Ten, and Eleven of the Complaint. For the reasons stated herein, Plaintiff's motion [Doc. No. 40] is granted in part and denied in part.

I. Background[2], [3]

On or about April 1, 2003, Defendants William Young and David Bensey *123 executed a State of Connecticut Superior Court Search and Seizure Warrant Application.[4] Defendants allege that Young completed the Warrant Application and that Bensey witnessed his signature on the document. Bensey's claim to have only been a witness is contradicted by his signature on the Warrant Application as an affiant. Thus his claim of a lesser involvement in the process is without merit and no question of material fact is presented.[5] The Warrant Application did not bear a judicial signature and was never submitted to a Judge for his/her signature verifying its being subscribed and sworn before him/ her. The actual form was not filled out nor was it signed by a Judge. It thus constituted a legal nullity. Young and Bensey sent the warrant application to America Online, Inc. ("AOL") via facsimile without further communication.

On April 7, 2003, AOL responded to Young and Bensey's submission by faxing Plaintiff's subscriber information to Young.[6] This information included Plaintiffs name, address, phone numbers, account status, membership information, software information, billing and account information, and his other AOL screen names.

During the course of these actions, Young and Bensey were police officers acting in the official capacities in the performance of their duties, within the scope of their employment as police officers of the Town of Fairfield, Connecticut.

Plaintiff filed an eleven count complaint, alleging the following: violation of the Electronic Communication Privacy Act against all Defendants (Count One); breach of contract against AOL (Count Two); CUTPA violation against AOL (Count Three); violation of the Fourth and First Amendments against Young and Bensey (Counts Four and Five); violation of Article First, §§ 4 and 7 of the Connecticut Constitution against Young and Bensey (Counts Six and Seven); invasion of privacy against Young and Bensey (Count Eight); violation of the First and Fourth Amendments against Town of Fairfield (Count Nine); indemnification pursuant to Conn. Gen.Stat. § 7-465 against Town of Fairfield (Count Ten); and respondeat superior as to Town of Fairfield (Count Eleven).

On December 5, 2003, Defendant AOL's motion to dismiss all claims against it in light of a forum selection clause in Plaintiffs AOL subscription was granted. [Doc. No. 32]. In the present motion, Plaintiff moves for partial summary judgment on Counts One, Ten, and Eleven.

II. Standard

A party moving for summary judgment must establish that there are no genuine issues of material fact in dispute and that it is entitled to judgment as a matter of law. FED. R. CIV. P. 56(c); Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248, 106 *124 S.Ct. 2505, 91 L.Ed.2d 202 (1986). "A party opposing a properly brought motion for summary judgment bears the burden of going beyond the pleadings, and `designating specific facts showing that there is a genuine issue for trial.'" Amnesty Am. v. Town of W. Hartford, 288 F.3d 467, 470 (2d Cir.2002) (quoting Celotex Corp. v. Catrett, 477 U.S. 317, 324, 106 S.Ct. 2548, 91 L.Ed.2d 265 (1986)). In determining whether a genuine issue has been raised, all ambiguities are resolved and all reasonable inferences are drawn against the moving party. United States v. Diebold, Inc., 369 U.S. 654, 655, 82 S.Ct. 993, 8 L.Ed.2d 176 (1962); Quinn v. Syracuse Model Neighborhood Corp., 613 F.2d 438, 445 (2d Cir.1980). Summary judgment is proper when reasonable minds could not differ as to the import of evidence. Bryant v. Maffucci, 923 F.2d 979, 982 (2d Cir.1991). "Conclusory allegations will not suffice to create a genuine issue." Delaware & H.R. Co. v. Consolidated Rail Corp., 902 F.2d 174, 178 (2d Cir.1990). Determinations as to the weight to accord evidence or credibility assessments of witnesses are improper on a motion for summary judgment as such are within the sole province of the jury. Hayes v. N.Y. City Dep't of Corr., 84 F.3d 614, 619 (2d Cir.1996).

III. Discussion

Plaintiff moves for partial summary judgment on Counts One, Ten, and Eleven, arguing that Defendants are liable for violating § 2703(c) of the Electronic Communications Privacy Act of 1986 ("ECPA"), 18 U.S.C. § 2701 et. seq. Plaintiff alleges that Young and Bensey violated the ECPA by soliciting an information disclosure by AOL with an invalid search warrant. Compl. ¶ 32.

A. ECPA

Congress enacted the ECPA to amend Title III of the Omnibus Crime Control and Safe Street Acts of 1968 "to update and clarify federal privacy protections and standards in light of dramatic changes in new computer and telecommunication technologies." 132 CONG. REC. S. 14441 (1986). In drafting the ECPA, Congress intended to "fairly balance[] the interests of privacy and law enforcement." S. REP. NO. 99-541 (1986).

The ECPA distinguishes between the rights of government entities and the rights of private entities regarding the disclosure of subscriber information by an internet service provider ("ISP"). Section 2703(c)(1) of the ECPA provides that a governmental entity seeking such information from an ISP must comply with specific legal process, e.g. a proper search warrant, court order, or subpoena, or must obtain the subscriber's consent.[7] 18 U.S.C. § 2703(c)(1). In enacting the ECPA, Congress *125 created a private right of action for parties aggrieved by violation of the statute. 18 U.S.C. § 2707(a).[8] "[G]overnmental `entities' are subject to liability under § 2707(a)." Organization JD Ltda. v. United States Dep't of Justice, 18 F.3d 91, 95 (2d Cir.1994).

B. § 2703(c) and Government Liability

Plaintiff argues that Defendants violated § 2703(c) by using an invalid warrant to solicit his subscriber information from AOL. He contends that McVeigh v. Cohen, 983 F.Supp. 215 (D.D.C.1998) supports his position that the government is liable for soliciting subscriber information without complying with the ECPA's legal process requirements.

In McVeigh, a Navy officer contacted AOL and requested information about the identity of an AOL customer (the plaintiff, also a Navy officer). McVeigh, 983 F.Supp. at 217. AOL disclosed the information, and consequently the Navy advised the plaintiff that it was commencing an administrative discharge proceeding against him on the basis that he was involved in homosexual conduct violating the "Don't Ask, Don't Tell" policy. Id. The plaintiff sought a preliminary injunction, arguing that the defendants violated his rights under the ECPA.[9]Id. at 216.

In considering the substantial likelihood of success on the merits, the court noted that the Navy's actions were "likely illegal under the ... ECPA." Id. at 219. The court stated that "[i]n soliciting and obtaining ... personal information about the Plaintiff from AOL" the government failed to comply with the ECPA's requirements that it either (1) had a valid warrant or (2) gave the plaintiff prior notice and sought a subpoena or court order. Id. at 219. The court found it "unlikely" that the government would prevail in its argument that 18 U.S.C. § 2703(c)(1)(B) "puts the obligation on the online service provider to withhold information from the government, and not vice versa." Id. at 220. In soliciting the information from AOL, "the government knew, or should have known, that by turning over the information without a warrant, AOL was breaking the law." Id.

The McVeigh court rejected the defendants' argument that pursuant to Tucker v. Waddell, 83 F.3d 688 (4th Cir.1996), there is no cause of action against the government under § 2703(c). McVeigh, 983 F.Supp. at 220. In Tucker, the court analyzed the statutory language and found that although the government may be liable for violations of §§ 2703(a) or (b), "the language of § 2703(c) does not prohibit any governmental conduct, and thus a governmental entity may not violate that subsection *126 by simply accessing information improperly." Tucker, 83 F.3d at 693. However, Tucker acknowledged the possibility that a governmental entity might violate § 2703(c) by aiding, abetting, or conspiring in the provider's violation. Id. at 693 n. 6. McVeigh rejected Tucker because the sections of § 2703 "were intended to work in tandem to protect consumer privacy." McVeigh, 983 F.Supp. at 220.

Tucker is now rejected for other reasons as well. As Plaintiff argues, since Tucker was decided Congress amended the ECPA and removed the textual distinctions within § 2703 relied on by Tucker. Tucker hinges on the then existing difference between §§ (a) and (b), and § (c). Tucker, 83 F.3d at 692. At that time, §§ (a) and (b) "focus[ed] on the conduct of governmental entities," while § (c) "focus[ed] on the conduct of the service providers." Id. Sections (a) and (b) provided that "[a] governmental entity may require ...", and § (c) provided that "[a] provider of electronic service or remote computing service shall disclose a record or other information pertaining to a subscriber ... to a governmental entity only when the governmental entity" complies with specified legal processes. Id. at 691-92 (quoting 18 U.S.C. § 2703(a), (b), and (c)). Because of this textual distinction, the court found that while the government could be sued under §§ (a) and (b), it could not be sued under § (c) because § (c) did not focus on government conduct. Id. at 693.

In 2001, Congress amended the ECPA and removed this textual distinction. Now, §§ (a)(b), and (c) all begin with identical language focusing on government conduct, providing that "[a] governmental entity may require ..." 18 U.S.C. § 2703(a)-(c). Therefore, Tucker does not foreclose government liability under § 2703(c), and in fact supports the conclusion that the government can be liable under the present text of § 2703(c). To conclude that the government may circumvent the legal processes set forth in the ECPA by merely requesting subscriber information from an ISP contradicts Congress's intent to protect personal privacy.

In light of legal precedent, the framework of the statute, and the legislative intent, governmental entities can be liable under § 2703(c) for soliciting information from an ISP without complying with the legal processes specified in the statute.

C. Analysis

Plaintiff alleges that Young and Bensey violated the ECPA by soliciting disclosure by AOL with a defective search warrant. Compl. ¶ 32; Pl. Mem. at 1. Defendants respond that (1) they merely requested and did not "require" AOL to disclose Plaintiffs subscriber information, (2) there is a genuine issue of material fact as to whether AOL disclosed Plaintiff's information pursuant to the emergency exception, (3) there is a genuine issue of material fact as to whether Plaintiff consented to have this information disclosed and (4) Bensey did not violate the ECPA because he merely witnessed Young's signature on the Warrant Application.

1. Government Request for Subscriber Information from an ISP and Compliance with the Legal Process of the ECPA

Young and Bensey argue that they are not liable because, in accordance with the plain language of the statute, they did not "require" AOL to disclose Plaintiffs information. As noted above, the ECPA provides that

A governmental entity may require a provider of electronic communication service ... to disclose a record or other information pertaining to a subscriber *127 ... only when the governmental entity — (A) obtains a warrant issued using the procedures described in the Federal Rules of Criminal Procedure by a court with jurisdiction over the offense under investigation or equivalent State warrant.

18 U.S.C. § 2703(c)(1) (emphasis added).

Defendants' argument that they merely requested but did not require AOL to disclose the information is disingenuous and does not absolve them from liability under the ECPA. The ECPA imposes an obligation on governmental entities to follow specific legal processes when seeking such information. 18 U.S.C. § 2703(c). Congress designed such procedures to both (1) protect personal privacy against unwarranted government searches and (2) preserve the legitimate needs of law enforcement. S. REP. NO. 99-541 (1986). To conclude that Defendants did not act improperly upon merely requesting such information without following the ECPA procedural safeguards ignores the fact that a request accompanied by a court form has substantial resemblance to a compulsory court order. The deficiency would have excused AOL from complying. In what was submitted Young and Bensey clearly intended that AOL supply the information sought. That AOL responded was nothing less than what was intended and cannot be found to be otherwise. To hold that AOL was less than expected, i.e. required to respond, would erode Congress's intended protection in the ECPA and would undermine personal privacy rights. In soliciting the information from AOL, Defendants knew, or should have known, that AOL was requested to violate the ECPA. See McVeigh, 983 F.Supp. 215, 220. Even if AOL acted without lawful authority in disclosing the information, this does not absolve Defendants from unlawfully requesting or soliciting AOL's disclosure. Putting the burden and obligation on both, the government and ISPs is consistent with Congress' intent to protect personal privacy. Violation by one does not excuse the other. Accordingly, Defendants' argument that they merely requested, but did not require, AOL to disclose Plaintiff's subscriber information does not absolve them from liability for their violation of the ECPA.

2. Emergency Exception

Defendants contend that there is a genuine issue of material fact whether AOL disclosed Plaintiffs subscriber information pursuant to the ECPA emergency disclosure exception. Def. Opp. at 10. They argue that § 2703(c) does not expressly prohibit a governmental entity from requesting information from an ISP, and that to read § 2703(c) as prohibiting a request from a governmental entity would nullify other ECPA provisions. Def. Opp. at 8. For example, they note that the ECPA provides that

A provider ... may divulge a record or other information pertaining to a subscriber ... (4) to a governmental entity, if the provider reasonably believes that an emergency involving immediate danger of death or serious physical injury to any person justifies disclosure of the information.

18 U.S.C. § 2702(c). They argue that the statute does not prohibit governmental entities from providing information about such an emergency situation, and that AOL "may have reasonably believed" that the recipients of Plaintiffs e-mails "faced an emergency situation involving immediate danger of death or serious physical injury." Def. Opp. at 9, 11 (citing 18 U.S.C. § 2702(c)(4)).

Defendants' argument is flawed. First, their conclusory speculation about what AOL "may have believed" is not only lacking in any evidentiary substantiation, but it *128 is also insufficient to raise a genuine issue of material fact to survive summary judgment. They offer no evidence from which a reasonable juror could conclude that AOL believed the e-mail recipients were in immediate danger. See Delaware & H.R. Co. v. Consolidated Rail Corp., 902 F.2d 174, 178 (2d Cir.1990) ("Conclusory allegations will not suffice to create a genuine issue"). Second, as Plaintiff notes, it took AOL over six days to respond to the officers' request for information, a delayed response which severely undermines Defendants' conclusory allegation that AOL "may have believed" the e-mail recipients were in immediate danger.[10] Under the circumstances of this case, Defendants fail to raise a genuine issue of material fact whether AOL disclosed Plaintiffs subscriber information pursuant to the ECPA emergency disclosure exception. The government may not circumvent the legal process specified in the ECPA pursuant to the "emergency" exception on such a speculative basis. This is not a situation where, on its own initiative, AOL voluntarily disclosed Plaintiffs subscriber information to the government. Instead, the government's request, submitted with an invalid warrant, triggered AOL's response, six days later. The Court declines to speculate whether it would ever be appropriate, under exigent circumstances when it would not be feasible to get a signed warrant or comply with other legal process, for the government to notify the ISP of an emergency and receive subscriber information without conforming with the ECPA.

3. Plaintiff's Consent

Defendants argue that there is a genuine issue of material fact whether AOL obtained consent to release Plaintiff's subscriber information. Def. Opp. at 12. They argue that the facsimile cover sheet sent by AOL states "[e]nclosed please find records which, consistent with the [ECPA] 18 U.S.C. § 2703(c)(1)(C) (as amended), respond to your request" regarding Plaintiff. Def. Opp. at Exh. C. Section 2703(c)(1)(C) pertains to disclosure of records subject to the subscriber's consent. Plaintiff argues that he never consented to disclosure, and that the numerous amendments to § 2703 have resulted in the renumbering of the subparts. Plaintiff notes that prior to the most recent amendment in 2001 pursuant to the USA Patriot Act, § 2703(c)(1)(C) pertained to disclosure of records pursuant to a subpoena, and that apparently AOL's "generic" facsimile cover sheet refers to an outdated version of the statute. Pl. Reply at 8.

Resolution of this fax cover page dispute does not obviate Plaintiff's allegation that Defendant unlawfully solicited information in violation of the ECPA, as it is undisputed that, at the time Defendants sought disclosure from AOL, there was no consent from Plaintiff. Def. Opp. at 12. The statute presently clearly instructs that "[a] governmental entity may require a provider of electronic communication service ... to disclose a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications) only when the governmental entity ... (C) has the consent of *129 the subscriber or customer to such disclosure." 18 U.S.C. § 2703(c)(1)(C) (emphasis added). Here, Defendants concede that they never sought or obtained Plaintiffs consent. Because the statute clearly instructs that the burden is on the governmental entity to obtain consent, Defendants cannot rely on AOL's unsubstantiated alleged obtaining of consent to escape liability.

However, a consent by Plaintiff in AOL's possession when it released Plaintiffs subscriber information may be relevant to the issue of damages. Although there is a genuine issue of material fact as to whether AOL had obtained Plaintiffs consent prior to disclosing the information, Defendants are not absolved from liability for their conduct. This issue should be resolvable in relation to recovering damages once it is determined whether the AOL facsimile cover sheet referred to an outdated version of § 2703(c)(1)(C) and was based on an authorized consent by Plaintiff.

4. Liability of Young and Bensey

Defendants argue that there is a genuine issue of material fact whether Bensey violated the ECPA, because his involvement was "limited to witnessing Young's signature on the Application." Def. Opp. at 10. They provide affidavits by Bensey and Young to support their argument that Bensey did not participate in the investigation of the e-mails and did not communicate with AOL regarding the request for Plaintiffs subscriber information. Plaintiff responds that Defendants previously admitted, in the "Statement of Undisputed Facts" section of the parties Rule 26(f) report, that Bensey and Young "jointly executed" the search warrant. Pl. Reply at 9. Plaintiff mischaracterizes the evidence as reflecting a joint execution of the warrant. As noted above, both served as affiants. Plaintiff notes that Bensey's signature line on the warrant application is identical to Young's, and that by signing the application he became liable for any ECPA violations. Pl. Reply at 9.

Defendants apparently do not contest the fact that if governmental entities may be liable under § 2703(c), Young's actions are sufficient to render him liable. As to Bensey, the argument against his liability, as discussed above, is unavailing. There is no genuine issue of material fact as to whether Bensey's involvement was sufficient to constitute liability under the ECPA.

5. Town of Fairfield Defendant

Although Plaintiff seeks summary judgment on Counts Ten and Eleven as to the Town of Fairfield's liability under the theory of indemnification and the doctrine of respondeat superior, Pl. Mem. at 2, he cites no legal authority and engages in no further discussion of these issues. Accordingly, summary judgment is denied to the Town of Fairfield Defendant.[11]

IV. Conclusion

For the reasons stated herein, Plaintiff's motion for partial summary judgment [Doc. No. 40] is granted in part and denied in part. His motion is granted to the extent he seeks a finding that Defendants Young and Bensey violated the ECPA by soliciting subscriber information without complying with 18 U.S.C. § 2703(c). His motion is denied as to Defendant Town of Fairfield.

SO ORDERED.

NOTES

[1] Plaintiff entitles his motion as a "Motion for Partial Judgment on the Pleadings and/or for Partial Summary Judgment." His memorandum fails to set forth any standard of review and fails to explain why he seeks both partial judgment on the pleadings and/or summary judgment. Defendants' opposition recites the standard of review for summary judgment and Plaintiff does not contest this, and accordingly the motion is construed as a motion for summary judgment.

[2] The facts are taken from the parties' Local Rule 56(a) statements, and are undisputed unless stated otherwise.

[3] The Court presumes familiarity with its previous Rulings in this case.

[4] Plaintiff's allegations stem from an e-mail he sent on or about March 31, 2003, involving a political campaign. Compl. ¶ 12. The email stated "The End is Near." Compl. ¶ 12. On or about April 1, 2003, two recipients of the e-mail reported the incident to the Fairfield Police Department, claiming they had received a harassing and/or obscene message on their computers. Compl. ¶ 13.

[5] By signing the Warrant Application, Bensey became responsible for the contents of the application and the consequences thereof. See e.g. United States v. Tortorello, 342 F.Supp. 1029, 1035 (S.D.N.Y.1972) (noting general responsibility of affiants regarding warrant applications).

[6] Plaintiff alleges that this information was faxed to both Young and Bensey. Defendant alleges that the information was faxed to Young.

[7] The statute provides that

(1) A governmental entity may require a provider of electronic communication service or remote computing service to disclose a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications) only when the governmental entity — (A) obtains a warrant issued using the procedures described in the Federal Rules of Criminal Procedure by a court with jurisdiction over the offense under investigation or equivalent State warrant; (B) obtains a court order for such disclosure under subsection (d) of this section; (C) has the consent of the subscriber or customer to such disclosure; or (D) submits a formal written request relevant to a law enforcement investigation concerning telemarketing fraud for the name, address, and place of business of a subscriber or customer of such provider, which subscriber or customer is engaged in telemarketing (as such term is defined in section 2325 of this title); or (E) seeks information under paragraph (2).

(2) A provider of electronic communication service or remote computing service shall disclose to a governmental entity [certain subscriber information] of a subscriber to or customer of such service when the governmental entity uses an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury or trial subpoena or any means available under paragraph (1). 18 U .S. C. § 2703(c).

[8] Section 2707(a) provides as follows:

Except as provided in section 2703(e), any provider of electronic communication service, subscriber, or other person aggrieved by any violation of this chapter [18 USCS §§ 2701 et. seq.] in which the conduct constituting the violation is engaged in with a knowing or intentional state of mind may, in a civil action, recover from the person or entity, other than the United States, which engaged in that violation such relief as may be appropriate. 18 U.S.C. § 2707(a). As the officers failed to seek judicial authorization for a warrant, their state of mind could be seen as "knowing or intentional."

[9] The plaintiff also alleged that his rights were violated under the Navy's own policy, as well as the Fourth and Fifth Amendments to the United States Constitution. McVeigh, 983 F.Supp. at 216.

[10] In addition, the legislative history of the USA Patriot Act's amendment of the emergency exception indicates Congress' intent that the government must strictly abide by the prescribed legal process to receive information about subscribers:

Current law does not expressly authorize the ISP to voluntarily provide law enforcement with the identity, home address, and other subscriber information of the user making the threat. See 18 U.S.C. section 2703(c)(1)(B),(C), permitting disclosure to government entities only in response to legal process.

147 CONG. REC. S. 10365 (2001).

[11] Summary judgment is also denied against Defendant Town of Fairfield as to Count One, as Plaintiff's argument refers only to Young and Bensey.