Data Breach Litigation – A New Frontier: Anderson v. Hannaford Brothers Co.

By Zachary L. Neal[1. Mr. Neal is a Senior Associate in Alston & Bird LLP’s Litigation and Trial Practice Group, and he is a member of Alston & Bird’s Security Incident Management and Response Team.  He is a graduate of the University of Georgia and the University of Pennsylvania Law School.  The opinions expressed in this article are Mr. Neal’s and do not necessarily reflect the views of Alston & Bird LLP or its potential or current clients.]

Companies and government entities gather and aggregate an ever-increasing amount of consumer data.  This data runs the gamut from the seemingly innocuous – like shopping habits – to the sensitive – like social security numbers and account numbers.  As these entities gather and store data for their legitimate purposes, instances of unplanned releases of this information – or data breaches – are on the rise.  And with data breaches come lawsuits from plaintiffs – or putative classes of plaintiffs – who fear their personal information may have been compromised.

The United States Court of Appeals for the First Circuit’s recent decision in Anderson v. Hannaford Brothers Co.[2. 659 F.3d 151 (1st Cir. 2011).]  discusses one important aspect of data breach litigation – whether plaintiffs can allege the necessary harm to survive a motion to dismiss.  Anderson is one of the few instances where a court has concluded that the plaintiffs have alleged the necessary harm, meaning it is an important decision to consider in evaluating potential liability arising from a data breach.

Before discussing Anderson, this article first provides a general overview of how data breaches occur and why lawsuits tend to arise from them.  This article then discusses another threshold issue – whether plaintiffs can establish Article III standing when suing in federal courts. If a plaintiff does not have standing, then the issues discussed in Anderson will not come into play.  Finally, the article discusses Anderson in detail and explores its implications for future cases.

In sum, although Anderson will likely encourage even more data breach lawsuits, Anderson also underscores the difficulty plaintiffs will have in certifying classes even if they clear the other hurdles discussed in this article.

Data Breach Causes and Consequences

Data breaches may arise from a number of sources, including:

  • Careless disposal of sensitive information (e.g., a company throws away sensitive information in a Dumpster);
  • Inadvertent loss of sensitive information (e.g., an employee downloads sensitive information to some form of portable media and then misplaces that media);
  • Theft of sensitive information (e.g., an employee’s laptop is stolen from his or her car); and
  • Hacking to obtain sensitive information (e.g., a computer hacker breaches a company’s network and obtains sensitive information).

After a data breach occurs, forty-six states require businesses or government entities to report breaches to consumers in certain circumstances.  If notification is required, the data breach will become public, which, at least in the case of large data breaches, often leads to extensive coverage in both the mainstream media and on the internet.  This publicity, in turn, tends to generate lawsuits, which are often brought as class actions in federal court. These suits are likely attractive to plaintiffs’ lawyers because – at least in the case of large suits – there are potentially millions of class members.  These class members are often sympathetic as almost everyone fears identity theft or other forms of fraud.  And depending on the circumstances of the breach, plaintiffs have a number of claims to choose from, including negligence; breach of express or implied contract; State unfair and deceptive trade practices act statutes; State data breach notification laws; and the Fair Credit Reporting Act.

Article III Standing

A threshold issue in most data breach lawsuits is whether plaintiffs have standing to bring claims where they have not yet been the victim of identity theft or other fraudulent activity.  In particular, courts have focused on whether plaintiffs have suffered an injury-in-fact where a data breach has occurred but the plaintiffs’ information has not been misused.[3. Pisciotta v. Old Nat’l Bancorp, 499 F.3d 629, 634 (7th Cir. 2007); Krottner v. Starbucks Corp., 628 F.3d 1139, 1142 (9th Cir. 2010).]

Circuit courts have split over whether plaintiffs have standing under such circumstances.[4. Compare Pisciotta, 499 F.3d at 634 (holding such plaintiffs had standing) and Krottner, 628 F.3d 1139, 1142-43 (holding such plaintiffs had standing) with Reilly v. Ceridian Corp., 664 F.3d 38, 43-46 (2011) (finding such plaintiffs did not have standing).]  The Seventh and Ninth Circuits have been willing to find data breach plaintiffs have standing in certain circumstances even where they do not allege that they have been the victim of identity theft or other fraudulent activity.[5. Pisciotta, 499 F.3d at 634; Krottner, 628 F.3d 1139, 1142-43.]  The Seventh Circuit, for instance, found data breach plaintiffs, who alleged the data breach arose from a sophisticated hacking attack, had standing where no misuse of data was alleged but the plaintiffs alleged “a threat of future harm” from potential misuse of their data.[6. Pisciotta, 499 F.3d at 634.]  Similarly, the Ninth Circuit concluded that plaintiffs had standing even though they did not allege data misuse.  One plaintiff, the court found, had standing where she claimed “generalized anxiety and stress” as a result of a data breach; other plaintiffs had standing under the circumstances where they alleged an increased risk of identity theft.[7. Krottner, 628 F.3d 1139, 1142-43.]

Conversely, the Third Circuit has refused to find plaintiffs have standing where their information has not yet been misused.[8. Reilly v. Ceridian Corp., 664 F.3d 38 (2011).]  The Third Circuit found that before information accessed in a data breach is misused any harm is speculative because whether harm will ever occur depends on the potential future actions of (at least in that case) an unknown party.[9. Id. at 42.]  What must be shown to establish standing, the court found, are not allegations of hypothetical future harm, but allegations of actual or imminent harm.[10. Id. at 43.]  The Third Circuit distinguished the Seventh and Ninth Circuit cases discussed above by finding that the allegations in both cases suggested more imminent harm.[11. Id. at 44.]  The Seventh Circuit case, the court found, involved allegations of a “sophisticated, intentional and malicious” hacking attack.[12. Id.]  And in the Ninth Circuit case someone had attempted – but failed – to steal one plaintiff’s identity.[13. Id.]   More importantly, however, neither the Seventh nor Ninth Circuit decisions, the Third Circuit found, fully considered constitutional standing requirements as they applied to data breach claims.  The Third Circuit thus found the Seventh and Ninth Circuit cases unpersuasive.[14. Id.; cf.  Katz v. Pershing, LLC, --- F.3d ----, 2012 WL 612793 (1st Cir. Feb. 28, 2012) (finding plaintiff lacked standing where she alleged only that a data breach could occur, not that one actually had occurred).]

Thus, at least in some cases, plaintiffs will be able to allege enough facts to establish standing.  Either they will be able to allege actual harm, such as if they have already been defrauded, or their allegations will be enough to establish, at least in some court’s view, a great enough threat of future harm to establish standing.

Actual Harm and Anderson v. Hannaford Brothers Co.

Even where plaintiffs can establish standing, they will still be left with the tall task of surviving a motion to dismiss their claims based on the argument that they have not alleged sufficient actual harm or damages under their substantive claims.  For instance, in both the Seventh and Ninth Circuit cases discussed above, both courts found the plaintiffs had not alleged sufficient actual harm or damages to survive a motion to dismiss.[15. Pisciotta, 499 F.3d at 634 (finding Indiana law “would not permit recovery for credit monitoring costs” under plaintiffs’ negligence and breach of implied contract claims); Krottner v. Starbucks Corp., 406 F. App’x 129 (9th Cir. 2010) (holding that plaintiffs had not alleged the necessary actual loss or damage to sustain a negligence claim under Washington law because plaintiffs alleged only the possibility of future harm).]

In a departure from most other courts, however, the United States Court of Appeals for the First Circuit, in Anderson v. Hannaford Brothers Co.,[16. 659 F.3d 151 (1st Cir. 2011).] concluded that Maine law allows plaintiffs to recover certain damages arising from a data breach. In Anderson, the plaintiffs brought a class action complaint against Hannaford Brothers Company alleging several causes of actions arising from a data breach.[17. Id. at 153.]  The data breach arose out of hackers accessing Hannaford’s credit and debit card processing system.[18. Id.]  The hackers allegedly stole credit and debit card numbers of 4.2 million Hannaford customers, leading to over 1,800 cases of fraud.[19. Id.]

Reviewing the trial court’s decision partially granting and partially denying Hannaford’s motion to dismiss, the First Circuit concluded that the plaintiffs had stated two causes of action under Maine law – breach of implied contract and negligence – and could likewise properly claim certain damages under those causes of action.[20. Id.]  In analyzing the damage issue, the court focused on so-called “mitigation” damages.[21. Id. at 162.]  The court first found under Maine law that damages must be “reasonably foreseeable.”[22. Id.]  The court then found that a plaintiff may “recover for costs and harms incurred during a reasonable effort to mitigate[]” harm.[23. Id.]  “To recover mitigation damages, plaintiffs need only show that the efforts to mitigate were reasonable, and that those efforts constitute a legal injury, such as actual money lost, rather than time or effort expended.”[24. Id.]

In deciding the plaintiffs had taken reasonable steps to mitigate their potential damages, including paying card replacement fees and buying credit insurance, the court focused on the fact that the case involved a sophisticated hacking attack that allegedly led to many fraud cases.[25. Id. at 164-65.]  The court went to great lengths to distinguish data breach cases where no subsequent fraud had occurred or where there was no allegation that the data theft was anything other than incidental to the “theft of expensive computer equipment.”[26. Id. at 165.] Instead, the court found, in this case, some people had already allegedly been fraud victims. It was thus foreseeable “that a customer, knowing that her credit or debit card data had been compromised and that thousands of fraudulent charges had resulted from the same security breach” would take steps to mitigate her potential damages.[27. Id. at 164.]

Although Anderson will likely encourage plaintiffs to file data breach lawsuits, Anderson also underscores the difficulty plaintiffs will likely have certifying a class for such claims, particularly a nationwide class.  In Anderson, the First Circuit had to engage in extensive analysis of unsettled state law before concluding plaintiffs had properly alleged damages under a single state’s law. The task of deciding whether multiple states’ laws would allow for damages given the particular facts of a case will likely prevent plaintiffs from satisfying Federal Rule of Civil Procedure 23(b)(3)’s predominance requirement. Under the predominance requirement, plaintiffs must show through extensive analysis that any differences in state law are manageable.[28. Sacred Heart Health Sys., Inc. v. Humana Military Healthcare Servs., Inc., 601 F.3d 1159, 1180 (11th Cir. 2010).] This will likely prove to be a hard – if not impossible – task where more than a few states’ laws are at issue, especially where the law in many states is an issue of first impression or in flux.[27. See, e.g., Sacred Heart, 601 F.3d at 1180-83 (district court abused its discretion in certifying a six-state class because the court had not engaged in a rigorous analysis to determine what state law variations existed); Kirkpatrick v. J.C. Bradford & Co., 827 F.2d 718, 725 (11th Cir. 1987) (affirming district court’s denial of a Rule 23(b)(3) multi-state class involving various state statutory and common law claims because “the differing standards of liability required by the laws of the various states would render class action treatment unmanageable”).]

The Opportunities and Pitfalls of Social Media in Litigation

By Audra Dial and Chiaman Wang [1. Audra Dial is a partner with Kilpatrick Townsend & Stockton LLP, specializing in complex patent and trade secret litigation.  Chiaman Wang is an associate with Kilpatrick Townsend & Stockton LLP, specializing in complex business and trade secret disputes.]

Introduction

In today’s information age, Facebook, MySpace, LinkedIn, and Twitter are ubiquitous.  These social media websites are updated on a daily, if not hourly, basis, and contain a wealth of personal information, including a user’s present state impressions.  Litigators can use these resources to find evidence helpful to prosecute or defend a claim, to impeach a witness, or even to uncover possible bias in a juror.  Under some circumstances, social media content is readily accessible without any significant expenditure of time or money, even without engaging in the formal discovery process.  If formal discovery is needed to access certain “private” sections of a social media website, these sections may offer both current and historical data that may prove to be immensely helpful in litigation.

As helpful as this information may be, counsel must also protect their clients from its downfalls.  Clients who tweet or post comments about their case could put sensitive information at risk.  Regardless of whether one seeks to use or prohibit access to social media websites, counsel must make certain that they satisfy their traditional professional obligations in doing so.

Taking Advantage of the Opportunities of Social Media in Litigation

Information from social media websites may be accessed both prior to and during litigation and may be accessed both formally and informally.  Because of the pervasive use of social media websites, a significant amount of information is presently available.  As such, litigators must take advantage of these novel opportunities to gather even more information about their opponents, witnesses, jurors, and even the judge.

1.   Informal Investigations of Social Media Websites Are Both Cost- And Time-Efficient

Given the prevalence of social media websites, these resources should always be included in one’s arsenal of case-related research.  A quick review of the opposing party’s Facebook page will likely reveal, at a minimum, his or her marital status, present location, and date of birth.  A glance at the LinkedIn profile of a witness will disclose his or her work history, including the positions held, the names of current and former employers and possibly co-workers, and the duration of the employment.  Just a few clicks of a mouse and all of this information could be at a diligent litigator’s fingertips without the expense of the formal discovery process, which cost is often exacerbated by objections and vague discovery responses.

Although this information may be readily available on social media websites, accessing this information must be done within the confines of ethical standards.  Counsel may certainly access public portions of websites, even the websites of represented parties or witnesses.  Counsel should not, however, submit “friend requests” to these same people because these requests may violate the rule prohibiting contact with represented parties outside their counsel’s presence.  See ABA Model Rule 4.3 (“[A] lawyer shall not communicate about the subject of the representation with a person the lawyer knows to be represented by another lawyer in the matter….”).  Even when dealing with unrepresented parties and witnesses, counsel may not misrepresent their identity or hire independent third parties to access information under false pretenses through social media websites.  For example, Attorney X cannot pretend to be John Smith to gain access to an unrepresented party’s MySpace page.  Similarly, Attorney X cannot hire Jane Doe to access an unrepresented party’s MySpace page without also requiring Ms. Doe to disclose her affiliation with Attorney X.  Such actions are generally considered deceptive and thus violate the prohibition against lawyers engaging in dishonest or deceitful conduct.  See ABA Model Rule 8.4 (“It is professional misconduct for a lawyer to: . . . engage in conduct involving dishonesty, fraud, deceit or misrepresentation….”).

Given all of the information that is available on social media sites, litigators should ensure they avail themselves of these websites when investigating their cases and preparing for trial.  This information is readily and legally accessible, provided that it is obtained within the confines of the rules governing professional conduct.

2.  Formal Discovery of “Private” Sections of Social Media Websites May Provide a Wealth of Information

Federal Rule of Civil Procedure 26 broadly allows the discovery of “any nonprivileged matter that is relevant to any party’s claim or defense.”  As a result of the breadth of Rule 26, courts have permitted discovery of “private” portions of a party’s social media website.  Courts have reached this conclusion in part because social media content is not privileged and is not protected by any privacy expectations.  See, e.g., Davenport v. State Farm Mut. Auto. Ins. Co., No. 3:11-cv-632-J-JBT, 2012 WL 555759, at *1 (M.D. Fla. Feb. 21, 2012) (social media websites are “neither privileged nor protected by any right of privacy”); Largent v. Reed, No. 2009-1823, 2011 WL 5632688 (Pa. Com. Pl. Nov. 8, 2011) (concluding plaintiff had “no privacy rights in her Facebook postings, and there is no general Facebook social networking privilege”).

Although content from social media websites may be discoverable, discovery requests must be carefully crafted to be “reasonably calculated to lead to the discovery of admissible evidence.”  Fed. R. Civ. P. 26(b)(1).  As with traditional discovery, litigators seeking information from social media websites are not “allowed to engage in the proverbial fishing expedition, in the hope that there might be something of relevance”.  Davenport, 2012 WL 555759, at *1.  Accordingly, courts are heavily inclined to grant access to private sections of social media websites when the party seeking discovery can direct the court’s attention to specific information from the public portions of the same website that is relevant or even contradictory to previous statements made during discovery or in pleadings.  See Largent, 2011 WL 5632688 (granting full access to plaintiff’s Facebook page because there were public photos contradicting plaintiff’s prior statements); Romano v. Steelcase Inc., 30 Misc. 3d 426, 430, 907 N.Y.S.2d 650 (Suffolk Cnty. 2010) (granting full access to plaintiff’s Facebook and MySpace accounts because “the public portions of plaintiff’s social networking sites contain material that is contrary to her claims and deposition testimony”).

To ensure one is carefully preparing his case, counsel should take advantage of researching all publicly available information, as such information may then reveal the relevance of private sections of the social media website.  If successful in establishing the relevance of the private portions, a party may be rewarded with full access to the opponent’s social media website, including current and deleted content such as photographs, postings, and even conversations.  See Zimmerman v. Weis Markets, Inc., No. CV-09-1535, 2011 WL 2065410 (Pa. Com. Pl. May 19, 2011) (ordering plaintiff to “provide all passwords, user names and log-in names for any and all MySpace and Facebook accounts”); Romano, 30 Misc. 3d at 435, 907 N.Y.S.2d at 650 (granting access to plaintiff’s “current and historical Facebook and MySpace pages and accounts, including all deleted pages and related information”).  Access to this information provides an opportunity to discover a wealth of information that may assist counsel in prosecuting or defending her case.

Protecting Your Clients From the Pitfalls of Social Media

Although social media websites contain an abundance of personal information about one’s opponents, this information is equally discoverable from one’s own clients.  As such, lawyers should counsel their clients on the risks of maintaining active social media websites, especially during litigation.

As an initial matter, individuals should set their privacy settings to exclude access to their site by the general public.  In addition, clients should be advised to reject any new “friend requests” from unknown contacts.  Importantly, clients should also refrain from posting, tweeting, or commenting on aspects of their case during the pendency of litigation.  The less information available in the public portions of a social media website, the less likely an opposing party will be able to gather the requisite information to show that the private portions could be relevant.  In the absence of such a showing, courts will not authorize discovery into private portions of a party’s social media website.  See Tompkins v. Detroit Metro. Airport, No. 10-10413, 2012 WL 179320, at *2-3 (E.D. Mich. Jan. 18, 2012) (denying request for access to plaintiff’s Facebook account because nothing in the public portions indicated the relevance of the private portions).

Depending on the nature of the claims and the client’s use of social media, it may be advisable for clients to deactivate their social media accounts as soon as litigation is contemplated.  This action will ensure that potentially privileged information is not revealed.  Although litigators may recommend the deactivation or decreased use of such sites, counsel must not recommend that their clients “clean up” or delete potentially negative posts, photographs, or tweets when litigation is reasonably anticipated or ongoing.  The deletion of any social media content that could be relevant will likely constitute spoliation and such destruction will subject both the attorney and client to sanctions.

For example, in Lester v. Allied Concrete Company, No. CL08-150 (Va. Cir. Ct. Sept. 1, 2011), defendants submitted discovery requests seeking certain contents of plaintiff’s Facebook pages.  Upon receipt, plaintiff’s counsel advised his client to delete certain photographs on his Facebook account and stated, “we do NOT want blow ups of other pics at trial so please, please clean up your facebook and myspace.”  In compliance with his counsel’s instructions, the client deleted 16 photographs and thereafter deactivated his Facebook account.  Plaintiff’s counsel submitted the following discovery response the day after this deactivation: “I do not have a Facebook page on the date this is signed.”  The court concluded that plaintiff’s counsel’s actions were sanctionable, awarding the defendants the attorneys’ fees that they incurred in pursuing the Facebook data.  The court also referred plaintiff’s counsel to the Virginia State Bar “for any action it deems appropriate.”  As for the plaintiff, the court awarded monetary sanctions against him and also referred perjury allegations against him to the prosecutor’s office for potential criminal prosecution.  As the Lester case makes clear, severe sanctions can be imposed for the intentional destruction of social media content.  Thus, it is important to ensure that any suggestions regarding the use or non-use of social media during litigation are also coupled with clear instructions not to delete or remove any content that is currently or was previously on the client’s social media websites.

Conclusion

Social media can be both a litigator’s dream and nightmare.  At times, it may lead to immensely helpful information and, at others, it could destroy a client’s credibility.  As such, counsel must ensure they take advantage of the benefits of social media websites during pre-suit investigations and discovery while simultaneously protecting their clients from its pitfalls and ensuring that information contained on these sites is preserved for discovery.  Preservation of the contents of social media is very important and will become increasingly so as the use of social media sites continues to grow.

False Patent Marking Litigation: What Every Company Needs To Know

By Natasha H. Moffitt[1. Natasha Moffitt is a partner in the Intellectual Property Practice Group at King & Spalding.  Ms. Moffitt’s practice focuses on intellectual property litigation and counseling, with a particular emphasis on patent litigation.  She can be reached at nmoffitt@kslaw.com.] & Suzanne Johnson[2. Suzanne Johnson is an associate in the Intellectual Property Practice Group at King & Spalding, and focuses her practice on patent litigation.  She can be reached at suzanne_johnson@kslaw.]

There was a marked rise in the filing of false patent marking litigation in 2010, with over 500 such cases having been filed in that year alone.  Small and large companies alike have found themselves in the crosshairs of such lawsuits, leaving many others wondering whether they can avoid becoming the next target.

Liability For False Patent Marking

Section 292 of the United States Patent Act provides, in part, that a person may be liable for false patent marking if he or she, for the purpose of deceiving the public, (1) marks upon any unpatented article the word “patent” or any word or number importing that the same is patented, or (2) marks upon any article the words “patent applied for,” “patent pending,” or any word importing that an application for patent has been made, when no such application has been made or is pending.  See 35 U.S.C. § 292.  The statute further provides that persons found liable for false patent marking “[s]hall be fined not more than $500 for every such offense.”  Any person may sue for the penalty, with one-half of the penalties going to the person bringing suit, and the other half going to the United States.

Forest Group, Inc. v. Bon Tool Co.: Penalties Should Be Applied On A Per Article Basis

In its December 28, 2009 decision in Forest Group, Inc. v. Bon Tool Co., 590 F.3d 1295 (Fed. Cir. 2009), the United States Court of Appeals for the Federal Circuit interpreted the false patent marking statute as requiring that penalties be imposed on a per article basis.  The Court explicitly rejected the notion that the statute imposes only a single fine for each decision to falsely mark, reasoning that such a limited reading of the statute would be insufficient to deter false markers, and would not provide sufficient financial motivation for members of the public to bring suit on behalf of the United States Government.  While the Court acknowledged that its decision might spark a rise in “marking trolls,” it concluded that “it seems unlikely that any qui tam plaintiffs would incur the enormous expense of patent litigation in order to split a $500 fine with the government.”

The Aftermath of the Forest Group Decision

Since the Forest Group decision in late 2009, the legal industry has witnessed a steady increase in the filing of false marking suits.  More than 500 false patent marking cases were filed in 2010, compared to only 17 such cases having been filed in 2009.  Many of these suits have been filed by plaintiffs that have not suffered any direct harm, and that may have been formed for the sole purpose of pursuing such litigation and the significantly higher damages that may now be available.

Legislation has been proposed that may curb the filing of such suits, and may retroactively limit the damages that are available in pending suits.  For example, some proposed legislation would help protect companies by requiring that plaintiffs show competitive injury, and by instituting compensatory damages, as opposed to statutory damages.  Whether and when such legislation will be passed is uncertain.  The Patent Reform Act does appear to be gaining momentum in the Senate, with backing from Democrats and Republicans, and has strong support from the Obama administration.  Nevertheless, it still contains some controversial provisions, unrelated to false marking, opposed by several stakeholder groups.

How Can A Company Protect Itself Against A False Patent Marking Claim?

Companies should evaluate their patent marking practices, and take steps to limit their exposure to false marking claims and penalties.  In particular, companies should consider conducting an audit to ensure that:

  • products marked with a patent number or other patent information practice at least one claim of the patent; the patent has not expired; the patent has not been invalidated by any court or administrative decision; and the patent has not been found to be unenforceable; and
  • products marked with patent application information or “patent pending” practice at least one claim of the pending patent application; and the patent application remains pending before the Patent Office.

Importantly, companies should reevaluate whether a product has been properly marked any time (i) the claims of the patent are construed during litigation, or the patent holder proffers constructions during litigation; (ii) the scope of the patent claims changes upon reissue, during reexamination, or during prosecution of the original pending application; and (iii) the design or functionality of the marked product changes such that it may no longer be covered by the patent or the pending application.  In addition, patent markings for expired patents and abandoned applications should be promptly removed from products, product packaging, and associated advertising.

Companies wishing to discuss the false marking statute, any impact it may have on their business, how to audit their patent marking practices, and how to limit their exposure should consult their patent counsel.

The Georgia Court of Appeals’ Message on Text Messages: Examining Hawkins v. State and Warrantless Searches of Cell Phones in Cars Incident to Arrest

By Timothy H. Lee[1. Timothy Lee is a law clerk for the Honorable Lisa Godbey Wood, Chief Judge, U.S. District Court for the Southern District of Georgia, following which he will next serve as a law clerk with the 11th Circuit Court of Appeals.]

In 2001, the United States Supreme Court declared that evolving technology must not “erode the privacy guaranteed by the Fourth Amendment.”[2. Kyllo v. United States, 533 U.S. 27, 34 (2001).]  Since then, however, courts have struggled to apply the protections provided by the Fourth Amendment to new forms of communication and information storage. But as technology – and with it, society’s expectations of privacy – continues to evolve, the question of how to balance the needs of law enforcement against the requirements of the Fourth Amendment has taken on increasing importance. The Georgia Court of Appeals recently made a crucial contribution to this expanding area of law when it decided Hawkins v. State[3. Hawkins v. State, No. A10A1575, 2010 WL 4883650 (Ga. Ct. App. Dec. 1, 2010).] – a landmark case of first impression that sat squarely at the intersection of two challenging areas of jurisprudence: the unsettled doctrine of searches of automobiles incident to arrest after Arizona v. Gant and the emerging law surrounding the constitutionality of cell phone searches.

I.  Searches of Vehicles Incident to Arrest

a.  Pre-Arizona v. Gant

The Fourth Amendment establishes a constitutional right to be free from “unreasonable searches and seizures.” The United States Supreme Court has held that under the Fourth Amendment, warrantless searches are “per se unreasonable . . . subject only to a few specifically established and well-delineated exceptions.”[4. Katz v. United States, 389 U.S. 347,  357 (1967).]  The Court’s decision in Chimel v. California helped establish one such exception—the “search incident to arrest.”[5. Chimel v. California, 395 U.S. 752, 762 (1969).]  In Chimel, the Court held that an officer conducting an arrest may “search the person arrested” to ensure the officer’s safety and to prevent the “concealment or destruction” of evidence.[6. Id. at 763.]  Additionally, the Court declared that an arresting officer may also search the “area into which an arrestee might reach in order to grab a weapon or evidentiary items.”[7. Id.]

While Chimel defined an important exception to the warrant requirement, New York v. Belton was the first significant case addressing search incident to arrest involving a vehicle.[8. New York v. Belton, 453 U.S. 454 (1981).]  Belton provided a bright-line rule for officers making arrests of vehicle occupants: “when a policeman has made a lawful custodial arrest of the occupant of an automobile, he may, as a contemporaneous incident of that arrest, search the passenger compartment of that automobile.”[9. Id. at 460.]  Moreover, the Court stated that officers could search containers – both open and closed – in the passenger compartment of an arrestee’s vehicle.[10. Id.] The Court affirmed and expanded upon the Belton rule in Thornton v. United States, explaining that an officer could conduct searches of vehicle passenger compartments – and  the containers found inside them – as part of a search incident to arrest, even where “the officer first makes contact with the arrestee after the latter has stepped out of his vehicle.”[11. Thornton v. United States, 541 U.S. 615, 617 (2004).]

b. Arizona v. Gant

In April of 2009, the Supreme Court issued a decision – Arizona v. Gant – that substantially altered the search-incident-to-arrest analysis. In Gant, officers arrested and handcuffed a driver who was driving on a suspended license before placing him in the back of their squad car.[12. Arizona v. Gant, 129 S. Ct. 1710, 1714 (2009).]  The officers then conducted a search of the vehicle, where they discovered cocaine.[13. Id.]  The Court, without explicitly overruling Belton, announced a substantially different and more nuanced approach to searches of vehicles, replacing Belton’s bright-line rule that officers could search cars whenever they arrested an occupant of the vehicle. The Court explained that there were only two situations in which a search of an automobile incident to arrest could take place. First, affirming Chimel, the Court held that a search of the passenger compartment of a car is permissible if the arrestee is “unsecured and within reaching distance of the passenger compartment at the time of the search.”[14. Id. at 1719.]  Second, the Court held that officers may search passenger compartments and any containers found therein if they have a reasonable belief that they will find evidence of the crime of arrest, even where the arrestee is not within reaching distance of the car.[15. Id.] Arizona v. Gant, by permitting searches of cars incident to arrest in only two situations, effectively overruled Belton and changed the way courts evaluate the constitutionality of warrantless searches of vehicles incident to arrest and the containers therein.

II.  Searches of Cell Phones

Courts have struggled to formulate a coherent framework for analyzing warrantless searches of cell phones, but one relatively popular approach has been to analogize phones to physical containers. In United States v. Finley, for instance, the Fifth Circuit found that a warrantless search of an arrestee’s cell phone did not violate the arrestee’s constitutional rights because the “permissible scope of a search incident to a lawful arrest extends to containers found on the arrestee’s person.”[16. 477 F.3d 250, 260 (5th Cir. 2007).] Similarly, the U.S. District Court for the Northern District of Georgia concluded that the cell phone was a “container . . . in that it contained information – recent calls, contacts’ telephone numbers, and so forth – not readily apparent without manipulating the cell phone itself.”[17. United States v. Cole, No. 1:09-CR-0412, 2010 WL 3210963, at *17 (N.D. Ga. Aug. 11, 2010).]

Other courts, however, have refused to make such analogies.  The Supreme Court of Ohio, for example, explained that cell phones fall outside Belton’s definition of “container, which implies that the container must actually have a physical object within it.”[18. State v. Smith, 920 N.E.2d 949, 954 (Ohio 2009).]   The court further explained that “[e]ven the more basic models of modern cell phones are capable of storing a wealth of digitized information wholly unlike any physical object found within a closed container.”[19. Id.] Discussing computers and electronics generally, the Tenth Circuit similarly stated in United States v. Carey that “[r]elying on analogies to closed containers or file cabinets may lead courts to ‘oversimplify a complex area of Fourth Amendment doctrines and ignore the realities of massive modern computer storage.’ ”[20. United States v. Carey, 172 F.3d 1268, 1275 (10th Cir. 1999).]

Some courts have relied on other justifications for upholding warrantless searches of cell phones. One common rationale is the need to preserve evidence. The District of Kansas justified a warrantless search of a cell phone in part because the “need to preserve evidence is underscored where evidence may be lost due to the dynamic nature of the information stored on and deleted from cell phones or pagers.”[21. United States v. Mercado-Nava, 486 F. Supp. 2d 1271, 1278 (D. Kan. 2007).]  The court cited with approval a related rationale behind upholding warrantless searches of pagers: “Because of the finite nature of a pager’s electronic memory, incoming pages may destroy currently stored telephone numbers in a pager’s memory.”[22. Id.] By analogy, because cell phones have limited memories, the need to preserve evidence before it is erased or deleted may justify warrantless searches. Unsurprisingly, however, courts have been more reluctant to allow such searches where they have found that there is no danger of evidence destruction. The district court in United States v. Wall, for example, invalidated a search where the government “failed to establish that the text message at issue would have been destroyed absent intervention.”[23. United States v. Wall, No. 08-60016-CR, 2008 WL 5381412, at *4 (S.D. Fla. Dec. 22, 2008).]  The cell phone in question, unlike early pagers, the court reasoned, automatically stored text messages and other information, unless “deleted by the user,” and contained text messages that were up to two months old.[24. Id.]

III.  Hawkins v. State

a.  Facts

The Georgia Court of Appeals thus decided Hawkins against a backdrop of constantly-evolving Fourth Amendment law. The facts of the case are deceptively simple.[25. For the complete facts of the case, see Hawkins, 2010 WL 4883650, at *1.] An alarmed mother delivered her unidentified son’s cell phone to an officer with the Lowndes County Sheriff’s Office, concerned that her son was receiving text messages involving narcotics sales. The officer subsequently received a text message on the son’s cell phone from Haley Hawkins – whose identity was unknown to the officer at the time – asking whether the son had “received certain controlled substances.” The officer, posing as the son, set up a drug transaction with Hawkins, and the two agreed to meet at a local restaurant later that evening.

The officer arrived prior to the agreed-upon meeting time to survey the restaurant parking lot. Hawkins soon drove into the parking lot, at which time the officer observed Hawkins “entering data into her phone.” At almost the same time, the officer received a text message on the son’s cell phone announcing Hawkins’ arrival at the restaurant parking lot. The officer arrested Hawkins, at which time Hawkins admitted that she had been texting the son’s cell phone in order to set up the drug transaction. Police thereafter searched Hawkins’s vehicle, incident to arrest, and found her cell phone inside her purse. Without obtaining a warrant, the officer searched Hawkins’ phone for the incriminating text messages, downloaded them, and printed them. Hawkins filed suit based on the officer’s conduct, alleging that the officer violated her Fourth Amendment rights by searching the electronic data stored on her cell phone without first obtaining a warrant.

Hawkins unsuccessfully moved to suppress the text messages and immediately appealed the trial court’s decision to the Court of Appeals.

b.  The Majority Opinion[26. The majority opinion is available at Hawkins, 2010 WL 4883650, at *2-4.]

The Court of Appeals’ analysis hinges on two issues: first, what, if any, exception to the warrant requirement applies in this case, and second, whether the fact that the object searched is a cell phone has any constitutional significance.

In addressing the first issue, the majority’s opinion relies almost entirely on Arizona v. Gant’s holding that when an officer arrests an occupant of a vehicle, the officer may search the passenger compartment of the vehicle for evidence, if “it is reasonable to believe that evidence of the offense of arrest might be found in the vehicle.”[27. Id. at 2.] The majority notes that although the proper scope of a search permitted by Arizona v. Gant remains unclear, the “most restrictive plausible interpretation of Gant” upholds the warrantless search of “places and things in a vehicle in which one reasonably might find the specific kinds of evidence of the crime of arrest that the officer has reason to believe might be found in the vehicle.”[28. Id.] Applying this standard, the majority finds that the Lowndes County officer had a reasonable belief that evidence of the crime of purchasing controlled substances would be contained in Hawkins’s cell phone. Hawkins and the officer had communicated exclusively through text messaging during the hours leading up to what Hawkins ostensibly believed was a drug transaction. Moreover, the officer had observed Hawkins entering data into her cell phone in the restaurant parking lot at the moment before he received a text message from Hawkins. Finally, at the time of arrest, Hawkins admitted to the officer that she had been the individual who had exchanged text messages with him throughout the day.

But what makes relevant the officer’s reasonable belief that the cell phone contained evidence of Hawkins’s crime of arrest is the majority’s determination that Gant applies to cell phones in the same way it applies to any physical container. The line of cases leading to Gant has long governed searches of both vehicle passenger compartments and “any containers therein.”[29. See Gant, 129 S. Ct. at 1712.]  But, as discussed, there is disagreement as to whether a cell phone should be treated just as any other container. The majority offers a slightly nuanced approach. Following the lead of most other courts that have considered the question, the majority concludes that cell phones should, indeed, be treated like physical containers. The Court also recognizes, however, some crucial differences between cell phones and containers that give pause to treating cell phones and physical containers the same way. Cell phones have the capacity to hold more, and a greater variety of, information than most traditional physical containers. Relatedly, cell phones often contain the most private personal information for which “individuals may reasonably have a substantial expectation of privacy and for which the law offers heightened protection.”[30. Hawkins, 2010 WL 4883650, at *3.] In light of these special attributes of cell phones, the Court cautions that an officer’s authority to search data on a cell phone “does not mean that he has the authority to sift through all of the data stored on the phone.” Rather, the officer’s “search must be limited as much as is reasonably practicable by the object of the search.”[31. Hawkins, 2010 WL 4883650, at *4 (emphasis in original).] Because the record suggests that the officer merely searched for and found the incriminating text messages without looking for any other data on the cell phone, the Court concluded that the officer’s search of Hawkins’s cell phone was constitutionally permissible under the Fourth Amendment.

IV.   The Significance of Hawkins v. State

The Georgia Court of Appeals’ decision marks a substantial step in Fourth Amendment jurisprudence for a number of reasons.

As an initial matter, the Court’s opinion is important simply for the novelty of the legal question presented. Courts have certainly considered searches of vehicles incident to arrest, and a number of courts throughout the country have addressed searches of electronic devices, such as cell phones. But according to one recent commentary, only the tiniest handful of courts have considered warrantless searches of cell phones incident to arrest and even fewer have addressed warrantless searches of cell phones in automobiles incident to arrest.[32. See Jane L. Knott, Is There an App for That? Reexamining the Doctrine of Search Incident to Lawful Arrest in the Context of Cell Phones, 35 Okla. City U. L. Rev. 445, 449 (2010). According to Knott, only two courts had considered cell phone searches incident to arrest as of mid-2010.] In fact, Hawkins v. State may constitute the first – or at the very least, the most recent – substantive analysis of searches incident to arrest of cell phones found in automobiles. As such, the opinion is likely to serve as persuasive authority to the plethora of courts that will almost inevitably begin considering the issue in the future.

Second, while the majority interpreted Arizona v. Gant in line with most courts, Hawkins v. State indicates that there is still significant disagreement on how exactly to apply Supreme Court precedent regarding searches of automobiles incident to arrest. Chief Judge Miller in his concurrence and Judge Phipps in his dissent disagreed with the majority on the significance of the need to preserve evidence as a justification for the warrantless search of Hawkins’s cell phone. Chief Judge Miller and Judge Phipps stated that the search incident to arrest exception to the warrant requirement “derives from interests in officer safety and evidence preservation” and that in this case, because officer safety is not a consideration, the relevant inquiry is “whether the search of Hawkins’s cell phone was for purposes of evidence preservation.”[33. Chief Judge Miller’s dissenting opinion can be found at Hawkins, 2010 WL 4883650, at *5-7.]  While he did not explicitly argue that there was any risk of losing the text messages on Hawkins’s phone, Chief Judge Miller concluded that the “officer reasonably conducted a search for such messages in order to preserve the evidence.” Judge Phipps in dissent similarly stated that the relevant question in this case is whether the warrantless search was necessary for evidence preservation but found that the “state offered no evidence that the data needed to be searched immediately to protect the arresting officers or to prevent the data’s destruction.”[34. See id. at *8-9.]

As both Chief Judge Miller and Judge Phipps correctly note, the U.S. Supreme Court has long relied on two justifications for the search incident to arrest exception to the warrant requirement: the need to protect officers from harm and the need to preserve evidence. Indeed, the two traditional justifications—articulated most prominently in Chimel—justify Gant’s first holding that a warrantless search of a passenger compartment is permissible where the arrestee is “unsecured and within reaching distance of the passenger compartment at the time of the search.”[35. Gant, 129 S. Ct. at 1719.] But quite apart from that holding is the other major pronouncement in Gant, which is that a warrantless search of the passenger compartment of a vehicle is constitutionally permissible when it is “reasonable to believe evidence relevant to the crime of arrest might be found in the vehicle.”[36. Id.] The Gant Court, while offering no substantive justification for the rule, explicitly recognizes that allowing warrantless searches upon reasonable belief that evidence of the crime of arrest might be found is not justified by the traditional rationales for allowing warrantless searches incident to arrest.[37. Id.] Thus, according to the Gant Court, the rule permitting warrantless searches of cars where there is a reasonable belief that evidence of the crime of arrest might be found need not be justified by the need to protect officers or preserve evidence.

The concurrence and dissent in Hawkins, by asking whether the search was justified by the need to preserve evidence, apply an analysis that is not, strictly speaking, relevant. Nonetheless, Chief Judge Miller and Judge Phipps raise an important issue that the Gant Court has left unresolved: if the needs to protect officers and preserve evidence do not justify warrantless searches where evidence of the crime of arrest might be found, what rationale does? If, in fact, there is no risk to officer safety or evidence destruction, why not require officers to obtain a warrant before searching cell phones? Courts—like the Georgia Court of Appeals—will no doubt continue to struggle with such questions.

Hawkins is also notable for the Court’s affirmation of the widespread notion that a cell phone should, for Fourth Amendment purposes, be treated as a physical container. As discussed, the Court cites a number of cases that support drawing an analogy between cell phones and physical containers. But the Court clearly recognizes that the amount and type of information a modern cell phone can contain distinguishes cell phones from traditional containers. Interestingly, the Court sees those differences not as justifying the invalidation of cell phone searches altogether but merely as necessitating restrictions on the scope of such searches. Citing scholarly commentary, the Court states that a cell phone should be treated “like a container that stores thousands of individual containers in the form of discrete files.”[38. Hawkins, 2010 WL 4883650, at *4.] As a result, “[j]ust because an officer has the authority to make a search of the data stored on a cell phone . . . does not mean he has authority to sift through all of the data stored on the phone.”[39. Id.] Indeed, the scope of the search must be “narrow[ed] in some meaningful way” aimed at uncovering evidence of the crime of arrest without unnecessarily invading the arrestee’s privacy.[40. Id.]

The Court’s approach, while ostensibly reasonable, perhaps raises more questions than it answers—namely, it begs the question of how searches should be narrowed so as to balance the legitimate need to preserve evidence against the arrestee’s privacy interests. Under the Court’s approach, officers on the street—some of whom may have limited experience with cutting edge cell phone technology—must make the difficult determination of how to properly limit the scope of a given cell phone search. This determination, at minimum, will require case-by-case considerations of: the nature of the crime of arrest, the likely form and content of the incriminating data, the available functions and capabilities of the arrestee’s cell phone, and the arrestee’s privacy interests in the various forms of data contained in the phone. In short, the Court charges officers—who face the most difficult of circumstances on a regular basis—with the task of tailoring cell phone searches to the strictures of the Fourth Amendment without the benefit of any clear guidelines or rules. Until Georgia (or federal) courts offer clearer guidelines, officers may be better off seeking warrants prior to conducting searches of cell phones in the absence of any danger of evidence loss, rather than risking the admissibility of evidence by searching cell phones without warrants.

V.  Conclusion

The Georgia Court of Appeals’ decision in Hawkins v. State marks a significant advance in Fourth Amendment jurisprudence to the extent that it is one of the earliest—if not the first—forays into the law of warrantless searches incident to arrest of cell phones found in vehicles.  While the Court offers a thoughtful analysis of Arizona v. Gant, it is clear from the concurring and dissenting opinions in Hawkins that there is significant disagreement in how the Gant case should be applied. Moreover, although it recognizes the difficulty of limiting the scope of cell phone searches, the Court seems to leave the difficult questions unanswered, perhaps leaving officers in an untenable situation—at least for the time being.


Patent Strategies For Start-Up Technology Companies

By Gregory Kirsch, Partner, Ballard Spahr, LLP, Atlanta*

A start-up company may find itself competing in a marketplace heavy with protected intellectual property, such as patents. The patent landscape within the start-up company's field should preferably be analyzed before entering the market, lest the start-up be faced with a flurry of third-party licensing "opportunities" or even lawsuits. Likewise, the start-up company should consider how best to develop a patent position of its own.

There are various considerations that a start-up company should take into account when developing a suitable patent strategy. In addition to the basic need to protect turf and mitigate risks of being squeezed from the market by a competitor with its own patent portfolio, a start-up company should consider all of the offensive and defensive aspects of patents, while balancing the strategy with practical concerns such as cost. Creating effective patent policies and procedures within the company early in the process can result in gained efficiencies later in the process.

How Patents May Be Used

Developing and protecting a patent portfolio can help a start-up overcome barriers to entry in a market. If the new company's products or services are unique in an area crowded with pre-existing patents, protecting the unique aspects of its product or service can help insulate the new entrant from existing competitors and thereby overcome hurdles to entering that market. By protecting the core business product or service of the new company, the survivability of the start-up can be enhanced.

Having a patent portfolio can increase the value of a company and aid in obtaining funding through borrowing, VCs, and IPOs. Defensively, a patent portfolio can serve as a deterrent to potential infringers and competitors from copying and entering the same technology areas. Defensive tactics also include identifying third-party patents in the same technology area as the start-up, and addressing them at an early stage by, for example, clearance (freedom to operate) analysis and opinions, designing around, invalidity and non-infringement analysis and opinions, or seeking licenses. Offensively, while a patent provides the patent owner with the exclusive right to prevent others from making, using and selling the patented invention, it also affords a potential stream of revenue and strategic alliances through licensing and cross-licensing opportunities. Patents also provide their patent owners the opportunity to seek judicial remedy against infringers that are unwilling to license or cease infringing activities. The development of a patent portfolio can instill a culture of innovation in a company, as well as a reputation in an industry for being a technology leader. Developing a patent portfolio can also provide a feeling of ownership among employees by recognizing their contributions to the company's well-being.

How to Develop a Patent Position

One of the first steps in developing a patent position is choosing patent counsel. Inside counsel (if the volume of patent work justifies it), outside counsel, or a combination of inside and outside counsel can be used. If outside counsel is involved, the start-up must decide who they will use. Like any legal service, outside patent counsel should be chosen based on experience, capability, comfort-level, and expense. Getting patent counsel involved early in the process helps better execute patent strategy by developing procedures for invention disclosure, focusing the portfolio, and optimizing the use and value of the portfolio.

Invention "mining" within the start-up company helps grow the patent portfolio. The purpose of invention-mining is to provide a mechanism for bringing inventions from various levels of an organization to a point where a decision can be made whether to seek patent (or other intellectual property) protection. Invention mining within a company also helps create a culture of innovation and protection and instills an ownership value among inventing employees.

Invention disclosure within a start-up (or any company) may be encouraged through one or both of an incentive program and recognition systems. Typically, an invention disclosure form (IDF) may be developed with input from patent counsel for use by inventors within the company to document details regarding their inventions. A well-designed IDF can facilitate the decision process regarding patentability and lower patent preparation costs by providing much of the information needed by a patent attorney.

Another important element of the invention disclosure process is a patent committee. The patent committee within a start-up typically consists of senior management most closely related to the inventive process, such as a Chief Technology Officer. Preferably, the patent committee should also include other senior business executives, to ensure that the business objectives of the company are considered. The patent committee need not be formal in nature -- it can be as small as one person -- although it's important that both technical and business input is obtained, to be combined with the advice of patent legal counsel.

In operation, the patent committee receives IDFs from company inventors, ensures all relevant details regarding the invention are included, assesses the invention with respect to the technical and business strategy of the company, assesses the patentability of the invention (with help from patent counsel), and coordinates with patent counsel regarding whether to pursue patent protection. Other activities of the patent committee may include decisions regarding enforcement and licensing of patents, and the initial review and consideration of third-party patents regarding validity, infringement and design-around issues.

The structure of the patent committee can vary based on the size and needs of a company, but it is a good idea to work with patent counsel in developing the patent committee, and in some cases it may be beneficial to have patent counsel serve on the patent committee.

Having a Strategic Focus

Having a strategic focus in mind with patents can be critical to a start-up company's long-term viability and success. For example, the company may want to pursue a patent-mapping process early in the patent development cycle. Patent mapping provides a landscape of patents in a relevant area of technology, and can help to identify key competitors in that space. It can be used by the start-up company to focus and tailor its research and development, by identifying "holes" in patent coverage of a given technology sector. The results of patent mapping can be used to pursue strategic patent coverage.

Patent-mapping can also help avoid litigation, the need for licensing, and costly design-arounds. Even if patent-mapping is not employed, a "shotgun" approach to development of a patent portfolio should be avoided. A group of patents that are in a related technology area are generally of greater value to a company than having scattered patents in a number of unrelated technologies. The strategic focus should be conveyed throughout the company and should be a criterion used by the patent committee when deciding whether to pursue patent protection for an invention.

Conclusion

The importance of patents and other types of intellectual property to companies, large and small, is becoming more and more pronounced, as technological innovation advances and competition increases. All start-up companies should give serious consideration to the minefield of existing patents, as well as the development of a patent portfolio. A patent portfolio can protect the core business concepts of the company, thereby increasing the company's value. Patents can be used offensively and defensively, and the start-up needs to be aware of and take steps to protect itself from the patents of others. When implementing its patent strategy, a start-up should choose patent counsel carefully, develop a patent committee (either formal or informal), "mine" inventions within the company by developing an invention disclosure process, map the patent landscape, provide incentives for innovation, and, of course, manage costs associated with all of these activities. In the end, the patent strategy should be focused on creating value for the company, in order to maximize the chance of long-term success.

*Greg Kirsch is a partner in Ballard Spahr LLP, where he leads the firm's Software, Electronics and Communications Technology Patent Team.  He represents clients ranging from small technology start-ups to large international companies, as well as universities, in the U.S. and abroad.  In addition to his full-time legal practice, Kirsch has also served as an adjunct professor of patent law at Emory University School of Law since 1997.