Cyberlaw Update: Secret upskirt videos of employees aren’t protected data

May 16, 2012

Cyberlaw Theme Month

(Editor’s Note: Technology changes so quickly nowadays that it’s sometimes hard to keep up. To help with this, Westlaw Insider will be looking at recent developments and updates in social media law and cyberlaw throughout the month of May.)

For the first week’s post on a Facebook “Like” not being expressive, click here.

For the second week’s post on personal jurisdiction and Facebook, click here.

Or, at least, they aren’t protected in this case.

The court actually ruled that whatever was deleted off of the owner’s iPhone and iPad wasn’t protected since the owner didn’t actually specify what was deleted (but the facts make it pretty obvious what was deleted).

Here’s what happened.

Former employees of a law firm sued the law firm and the owner, Jeremiah Johnson.

The plaintiffs – all of them female – alleged that Johnson required them to wear skirts in the office.

The policy wasn’t only a matter of maintaining office decorum, according to the former employees.

Instead, the plaintiffs allege that Johnson used an application on his iPhone and iPad to conduct video surveillance of the area beneath a particular desk in the office such that he “secretly obtained video recordings of plaintiffs’ legs, lower torsos and undergarments.”

Johnson counterclaimed for violations of the Computer Fraud and Abuse Act, alleging that the former employees accessed Johnson’s iPhone and iPad in violation of the CFAA and deleted data from those devices.

The CFAA is a federal law that makes it a crime to intentionally access a computer without authorization or to exceed authorized access, and thereby obtain or modify information from any “protected computer” (check out this post for a little more information on the act).

The CFAA provides a civil cause of action for those violations under specified circumstances, and the one that Johnson is citing as grounds for his counterclaim applies if he lost at least $5,000 because of the violation.

As I mentioned above, he didn’t specify exactly what data was deleted by the plaintiffs, nor did he specify how he actually sustained the loss, so the court granted the plaintiffs’ motion to dismiss the counterclaim.

It should be pretty obvious by now why Johnson didn’t specify what was deleted off of his iPhone and iPad (hint: the upskirt videos of the former employees), but what’s less obvious is whether – had Johnson actually specified what was deleted – his counterclaim would have been successful.

Strictly speaking, the former employees did violate the CFAA (at least, its criminal provisions), though it is highly unlikely that, if the women were indeed only accessing Johnson’s devices to delete the secret videos, they would be formally charged.

The success of the civil cause of action would hinge on whether there was actually a $5,000 loss from what was deleted.

We could get into all kinds of potential scenarios involving schemes to sell the videos over the Internet, or Johnson himself valuing the videos in excess of $5,000, but all of those situations either involve additional legal liabilities for Johnson or just make him look even creepier.

If Johnson was willing and able to allege, arguendo, what was deleted and that it was worth over $5,000, he may have actually had a sound legal claim against the former employees (whether a judge would actually rule for him is a different story).

Regardless, though, even though it caused the dismissal of his counterclaim, not stating what was deleted from his iPhone and iPad was probably a smart move on Johnson’s part.

On the other hand, it would have been a smarter move if the videos were never created in the first place.