Summary
relying on federal cases to conclude that the "without authorization" element of N.J.S.A. 2A:156A-27 means use of another's password or access code without permission or consent
Summary of this case from Marcus v. RogersOpinion
Decided May 31, 2001.
On appeal from Superior Court of New Jersey, Chancery Division, Family Part.
Robert S. Raymar for plaintiff, (Hellring Lindeman Goldstein Siegal LLP).
Phyllis Klein O'Brien for defendant, (Donahue Braun. Hagan, Klein Newsome).
I INTRODUCTION
This opinion supplements an oral opinion rendered on April 23, 2001.
In this bitterly contested custody matter, the court is required to decide whether or not the defendant wife, by retrieving plaintiff husband's stored e-mail from the hard drive of the family computer, unlawfully accessed stored electronic communications, in violation of the New Jersey Wiretap Act, N.J.S.A. 2A:156A-1 to 34 [the "Act"], or violated plaintiff's common law right to privacy. Plaintiff seeks to suppress the evidence if the Act was violated or if his privacy was wrongfully invaded.
No New Jersey court has yet interpreted the Act, or examined the tort issue, in the context of recent electronic communication technology. Because this court holds that the Act does not apply to the electronic communications stored under these circumstances and there is no violation of the Act, and because this court also holds there is no invasion of plaintiff's right to privacy, the evidence will not be suppressed.
II FACTS
The parties were married on April 26, 1980, and three children were born of their marriage: Ryan, 19; Colin 15; and Patrick, 13. Although plaintiff filed for divorce in October 1999, he continues to reside with defendant. He sleeps in the sun room.
The family computer and entertainment center are located in the sun room. The defendant and the children often use this room to utilize the computer, watch television, and adjust the stereo volume. It is also the only way to get to the grill out on the deck. It was in this room that defendant discovered a letter from plaintiff to his girlfriend. According to defendant, this letter was left in plain view; plaintiff denies this.
Shortly after defendant discovered the letter, she hired Gamma Investigative Research, and unbeknownst to plaintiff-and without using plaintiff's password-Gamma copied plaintiff's files from the computer's hard drive: These files contained e-mail sent between plaintiff and his girlfriend; they also contained images that he viewed on Netscape. Gamma then prepared a written report detailing its findings and sent copies of all the above to defendant and her attorney. It was only while being deposed that plaintiff learned that defendant had accessed his e-mail. He had thought-incorrectly as it turns out-that his e-mail and attachments could not be read without his AOL password.
In order to understand the error of plaintiff's thinking, it is necessary to first understand the technical workings of America Online Service ["AOL"], plaintiff's chosen Internet Service Provider ["ISP"]. Defendant's expert, John Passerini, explains it as follows:
Incoming e-mails are received on the AOL e-mail server and are accessible to an AOL user only after dialing in and authenticating with the users screen name and password. Also, a user cannot send an e-mail via the AOL server until he has similarly dialed in. . . . AOL's server receives and maintains the e-mail until the recipient dials into AOL and accesses (seeks to read) his mail. In addition, an AOL user can save his e-mails and attachments on his computer's hard drive. AOL offers the Personal Filing Cabinet ["PFC"] feature, which is created automatically on the hard drive during the installation of AOL on the user's computer. The PFC is named for users screen name . . . [A]n AOL user must voluntarily choose to save the e-mail, attachment or address to his PFC or address book. The AOL user can save e-mail, attachments, or addresses either by using the automatic AOL feature or manually. To save automatically to the PFC on the hard drive, the user must select that option in "Mail Preferences." Specifically, in the main tool bar, the user chooses "Mail Center," "Preferences" and then checks "Retain All Mail I Send in My Personal Filing Cabinet" and/or "Retain All Mail I Read in My Personal Filing Cabinet"
Additionally, in the "Notes" section of [the Help screens], America On Line informs the user that he can read mail stored in the PFC when he is not signed onto AOL, i.e. the PFC is on the hard drive. Similarly . . . America On Line informs the user that e-mail saved in the PFC will remain on the hard drive until the user deletes it
Mr. Passerini states that the only way to be sure "that e-mail will be saved permanently, is to use the PFC file on the user's hard drive . . ." because, "e-mail cannot be saved permanently on AOL's server."
It is clear that plaintiff was saving his e-mails-received and sent-to the PFC of the family computer. It is also clear that he did not realize he was doing so. Obviously, not knowing they were being saved, he took no steps to delete them, nor any steps to protect them with a password-a task easily accomplished.
As Mr. Passerini states:
[T]he PFC me on the users hard drive is not automatically password protected . . . . While the AOL sign-on password is mandatory and required by AOL to establish a dial-up connection, if no PFC password is created any computer
user may view a PFC end e-mails contained in a PFC by simply opening the AOL software on the hard drive (emphasis added)
This is precisely what occurred here: defendant's expert simply opened the AOL software on the family computer's hard drive and viewed and copied plaintiff's e-mails.
Finally, it should be noted that as the result of the parties' entering into a protective order, this court has no knowledge of the contents of the e-mails which are the subject matter of this motion. Suffice it to say, defendant believes that they are highly relevant and material to the custody determination yet to be made.
III ANALYSIS
A. Inter-Spousal Immunity
The first issue to be decided is whether or not the New Jersey Wiretap Act applies to a spouse who accesses the electronic communication of their spouse without authorization. It is already settled law that the Act applies when one spouse illegally records the communications of the other spouse. Scott v. Scott, 277 N.J. Super. 601, 649 A.2d 1372 (Ch.Div. 1994); M.G. v. J.C., 254 N.J. Super. 470, 603 A.2d 990 (Ch.Div. 1991).
As the M.G. court stated:
It is clear that the language of the N.J. wiretapping Act contains no explicit exemption for any wiretapping by an aggrieved spouse. It is not the function of the courts to graft an exemption where the legislature has not seen fit to provide one.
[Id. at 477, 603 A.2d 990.]
The M.G. logic applicable to spousal wiretapping is equally applicable to spousal electronic communications. The legislature has amended the Act several times since M. G. v., J. C. and Scott v. Scott were decided. P.L. 1993 C. 29; P.L. 1994 C. 55; and P.L. 1999 C.151. If the legislature did not see fit to enact a spousal exemption when it amended the Act, it is not this court's function to do so. This court therefore concludes that the New Jersey Wiretap Act applies to unauthorized access of electronic communications of one's spouse, even though there was no violation of the Act in this case.
B. The Wiretap Statute
The New Jersey Wiretapping and Electronic Surveillance Control Act, N.J.S.A. 2A:156A-1 et seq., was enacted in 1968. It is identical to the Federal Wiretap Act. 18 U.S.C § 2510 et seq.; See M.G. v. J.U, supra, 254 N.J.Super. at 473, 603 A.2d 990.
Congress enacted the Act in 1968 to protect wire and oral communications from being intercepted. New Jersey quickly followed suit. Since then, both the Congress and state legislatures "have been trying to keep pace with technology, while struggling with the question of what protection certain devices deserve." Vanessa Winter, Note, What Is a Private Communication: An Analysis of the New Jersey Wiretap Act, 19 Seton Hall Leg. J. 386 (1994).
In 1986, Congress amended the Federal Wiretap Act by enacting the Electronic Communications Privacy Act of 1986 [hereinafter ECPA]. The purpose was to "update and clarify Federal privacy protections and standards in light of dramatic changes in new computer and telecommunications technologies." Senate Report No. 99-541, 99th Cong., 2d Sess. 1 (1986) [hereinafter Senate Report].
In enacting the ECPA, Congress recognized that "computers are used extensively today for the storage and processing of information," Id. at 3, and that while a first class letter was "afforded a high level of protection against unauthorized opening," there were "no comparable . . . statutory standards to protect the privacy and security of communications" transmitted by "new forms of telecommunications and computer technology." Id. at 5. And so, adopting the Electronic Communications Privacy Act of 1986 represented a "fair balance between the privacy expectations of American citizens and the legitimate needs of law enforcement agencies." Ibid.
New Jersey amended its wiretap act in 1993. P.L. 1993, C. 29. These amendments, regulating access of stored electronic communications, were identical to the amendments made to the Federal Wiretap statute by the ECPA. See Cacciarelti v. Bonfface, 325 N.J. Super. 133, 136, 737 A.2d 1170 (Ch.Div. 1999).
The New Jersey statute, as amended, provides:
A person is guilty of a crime of the fourth degree if he (1) knowingly accesses without authorization a facility through which an electronic communication service is provided or exceeds an authorization to access that facility, and (2) thereby obtains, alters, or prevents authorized access to a wire or electronic communication while the communication is in electronic storage.
At first blush, it would appear that accessing electronic communications in electronic storage without authorization is a violation of the Act. But, electronic storage as used in the Act means:
(1) Any temporary, immediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (2) Any storage of such communication by an electronic communication service for purpose of backup protection of the communication . . .
To understand the import of this language, a basic understanding of how e-mail communication works is essential. As Judge Brody explained in Fraser v. Nationwide Mutual Insurance Co.:
Transmission of e-mail from the sender to the recipient through an electronic communication system is indirect. First, an individual authorized to use the system logs on to the system to send a message. After a message is sent, the system stores the message in temporary or intermediate storage. I will refer to this storage as "intermediate storage". After a message is sent, the system also stores a copy of the message in a separate storage for back-up protection, in the event that the system crashes before transmission is completed. I will refer to this storage as "back-up protection storage". In the course of transmission from the sender to the recipient, a message passes through both intermediate and back-up protection storage. Transmission is completed when the recipient logs on to the system and retrieves the message from intermediate storage. After the message is retrieved by the intended recipient, the message is copied to a third type of storage, which I will call "post-transmission storage". A message may remain in post-transmission storage for several years.
[ 135 F. Supp.2d 623, 633-34 (E.D.Pa. 2001.) (Citations omitted).]
In other words, all e-mail is stored at some point in the transmission process. David J. Loundy, E-Law 4: Computer Information Systems Law and System Operators Liability, 21 Seattle UIL.Rev. 1075, 1145 (1998).
To be clear, the e-mail in the hard-drive of the White family computer accessed by defendant was in post-transmission storage. Referring back to the statutory language which defines electronic storage, the Act was not meant to extend to e-mail retrieved by the recipient and then stored. It protects only those electronic communications which are in the course of transmission or are backup to that course of transmission. Fraser v. Nationwide Mutual Ins. Co., supra, at 637.
The conclusion that the Act does not apply to electronic communications received by the recipient, placed in post-transmission storage, and then accessed by another without authorization, appears to make sense, when one considers that the "strong expectation of privacy with respect to communication in the course of transmission significantly diminishes once transmission is complete." Fraser v. Nationwide Mutual Inx Co., suprw And, also, it should be noted that while Congress was concerned with the protection of an individual's privacy interests against unjustified intrusions in the original wiretap act, it did not attempt to deal with all such intrusions. See United States v. Turk, 526 F.2d 654, 658-59 (5th Cir. 1976), cert. denied 429 U.S. 823, 97 S.Ct. 74, 50 L.EdJ2d 84 (1976). The language contained in the ECPA and in the New Jersey statute represents the "fair balance" between privacy expectations and legitimate intrusion that Congress and the New Jersey legislature attempted to achieve in trying to keep pace with the advances in technology.
Two last points: (1) defendant did not access plaintiff's e-mail "without authorization" in violation of N.J.S.A. 2A:156A-27 (a); and (2) defendant's actions do not constitute an "intercept" as defined by N.J.S.A. 2A:156A-3 (a).
It has been held that "without authorization" means using a computer from which one has been prohibited, or using another's password or code without permission. Sherman Co. v. Salton Maxim Housewares, Inc., 94 F. Supp.2d 817 (E.D.Mich. 2000). Although she did not often use the family computer, defendant had authority to do so. Additionally, defendant did not use plaintiff's password or code without authorization. Rather, she accessed the information in question by roaming in and out of different directories on the hard drive. As stated in Sherman, where a party "consents to another's access to its computer network, it cannot claim that such access was unauthorized." Id. at821.
As to the meaning of an "intercept, "the treatment of messages in "electronic storage" is not governed by the restrictions on "interception." "Congress did not intend for `intercept' to apply to `electronic storage'". Steve Jackson Games Inc. v. United States Secret Service, 36 F.3d 457, 462 (5th Cir. 1994).
Said another way, An "electronic communication," by definition, cannot be "intercepted" when it is in electronic storage," because only "communications" can be "intercepted," and, . . . the "electronic storage" of an "electronic communication" is by definition not part of the communication.
(Bohach v. City of Reno, 932 F. Supp. 1232, 1236 (D.Nev. 1996).]
Here, the electronic communications had already ceased being in "electronic storage" as defined by the Act. They were in post-transmission storage-therefore defendant did not intercept them.
Interestingly, the language of the Act refers to "access" rather than "disclosure" or "use," thus one court has held that a person "can disclose or use with impunity the contents of an electronic communication unlawfully obtained from electronic storage." Wesley College v. Pitts, 974 F. Supp. 375, 389, (D.Del. 1997), affid, o.b. 172 F.3d 861 (3rd Cir. 1998). Therefore, because there is no prohibition regarding disclosure or use of the information defendant obtained from the family computer's hard drive, defendant cannot be barred from using it.
Finally, plaintiff argues that defendant needed a warrant or court order before accessing and copying the contents of his email. That argument is specious. It is specious because it misconstrues the statutory language. N.J.S.A. 2A:156A-29 deals with who may compel disclosure of an electronic communication. The answer is only a law enforcement agency and only if the agency has first obtained a warrant or a court order. Not only is defendant not obligated to obtain a warrant but she is legally incapable of doing so.
C. Invasion of Privacy
"The common law recognizes various causes of action relating to the right to privacy." Hennessey v. Coastal Eagle Point Oil Co., 129 N.J. 81, 95, 609 A.2d 11 (1992). Plaintiff alleges that by accessing his e-mail, defendant committed the tort of intrusion on seclusion."
The Restatement (Second) of Torts, § 652B (1977) states: One who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for the invasion of his privacy, if the intrusion would be highly offensive to a reasonable person. [Id. at 378.]
The invasion may be by "physical intrusion into a place in which the plaintiff has secluded himself" . . . or it may be by some other form of investigation or examination into his private concerns, as by opening his private and personal mail, searching his safe or his wallet, examining his private bank account, or by compelling him by a forged court order to permit an inspection of his personal documents. The intrusion itself makes the defendant subject to liability, even though there is no publication. [Id. at comment b. 378-79.]
The crux of the issue is that the intrusion must be "highly offensive to a reasonable person." Id. And that conclusion turns on one's reasonable expectation of privacy. A "reasonable person" cannot conclude that an intrusion is "highly offensive" when the actor intrudes into an area in which the victim has either a limited or no expectation of privacy.
"[E]xpectations of privacy are established by general social norms." State v. Hempele, 120 N.J. 182, 200, 576 A.2d 793 (1990). And, using a Fourth Amendment analysis for purposes of analogy, one's expectation of privacy must be reasonable-objectively reasonable. State v. Brawn, 282 N.J. Super. 538, 547, 660 A.2d 1221 (App.Div.) certif denied, 143 N.J. 322, 670 A.2d 1064 (1995). A person's expectation of privacy to a room used for storage and to which others have keys and access is not reasonable. Defendant's subjective belief that the room was private is "irrelevant". Ibid.
The same is true here. Plaintiff lived in the sun room of the marital residence; the children and defendant were in and out of this room on a regular basis. The computer was in this room and the entire family had access to it and used it. Whatever plaintiff's subjective beliefs were as to his privacy, objectively, any expectation of privacy under these conditions is not reasonable. Indeed even subjectively, plaintiff knew his living accommodations were not private; he avers that he did not leave the letter to his girlfriend in plain view.
In Del Presto v. Del Presto, 97 N.J. Super. 446, 235 A.2d 240 (App. Div. 1967), a case similar to the case at bar, defendant husband sought to suppress evidence of his extramarital affair that his wife found "in one of the office file cabinets in a room to which plaintiff [wife] had complete access." Id. at 454, 235 A.2d 240. The papers, consisting of love letters sent to the defendant by his paramour and a jewelry receipt for jewelry not given to his wife, had been left "in files to which she [wife] had a full freedom of entry." Id.
The Appellate Division overruled the trial court's suppression of this evidence, saying:
Having a legitimate reason for being in the files, plaintiff had a right to seize evidence she believed indicated her husband was being unfaithful.
[Id. at 456, 235 A.2d 240.]
Can it be said that defendant's activities here are "highly intrusive?" Hennessey, supra. She was searching for indicia that her husband was involved in an extramarital liaison-not an uncommon occurrence in the realm of human experience. Is rummaging through files in a computer hard drive any different than rummaging through files in an unlocked file cabinet, as in Del Presto, supra?
Not really.
IV CONCLUSION
Accessing post-transmission stored e-mail, under these circumstances, does not violate the New Jersey Wiretap Act. Nor do defendant's actions intrude upon plaintiff's common law right to seclusion. Plaintiff's motion is denied.