Justia U.S. 3rd Circuit Court of Appeals Opinion Summaries

The district court dismissed, for lack of jurisdiction, a constitutional challenge to an electronic surveillance program operated by the National Security Agency (NSA) under the authority of Section 702 of the Foreign Intelligence Surveillance Act (FISA), 50 U.S.C. 1881a. The court noted that the plaintiff failed to plead facts from which one might reasonably infer that his own communications had been seized by the federal government. The Third Circuit vacated and remanded. The second amended complaint alleged that because the government was “intercepting, monitoring and storing the content of all or substantially all of the e-mail sent by American citizens,” plaintiff’s own online communications had been seized in the dragnet. That allegation sufficiently pleaded standing to sue for a violation of plaintiff’s Fourth Amendment right to be free from unreasonable searches and seizures. Plaintiff may lack actual standing to sue; the government may, on remand to make a factual jurisdictional challenge to that pleading. The alleged facts—even if proven—do not conclusively establish that a dragnet on the scale alleged by plaintiff. On remand, the court must closely supervise limited discovery. View "Schuchardt v. President of the United States" on Justia Law

Under the Facebook account name “Billy Button,” Browne began exchanging messages with 18-year-old Nicole. They met in person and exchanged sexually explicit photographs of themselves through Facebook chats. Browne threatened to publish the photos online unless Nicole engaged in oral sex and promised to delete the photos only if she provided him the password to her Facebook account. Using that account, Browne made contact with four minors and solicited explicit photos. Once he had their photos, he repeated the pattern, threatening to publish their images unless they engaged sexual acts. Alerted by the Virgin Islands Police Department, Department of Homeland Security (DHS) agents investigated, arrested Browne, executed a search warrant on his residence, and seized a cell phone from which text messages and photos of the minors were recovered. Browne admitted ownership of the phone and Facebook account. Facebook provided five sets of chats and a certificate of authenticity executed by its records custodian, which were admitted at trial. The Third Circuit affirmed his convictions for child pornography and sexual offenses with minors. While rejecting the government’s assertion that, under Rule 902(11), the contents of the communications were “self-authenticating” as business records accompanied by a certificate from the records custodian, the court found that the record reflected sufficient extrinsic evidence to link Browne to the chats and satisfy the prosecution’s authentication burden under a conventional Rule 901 analysis. View "United States v. Browne" on Justia Law

Plaintiffs filed a class action alleging that defendants, who run internet advertising businesses, placed tracking cookies on the plaintiffs’ web browsers in contravention of their browsers’ cookie blockers and defendant Google’s own public statements. Essentially they claimed that the defendants acquired the plaintiffs’ internet history information when, in the course of requesting webpage advertising content at the direction of the visited website, the plaintiffs’ browsers sent that information directly to the defendants’ servers. They cited the Wiretap Act, 18 U.S.C. 2510; the Stored Communications Act, 18 U.S.C 2701; the Computer Fraud and Abuse Act, 18 U.S.C. 1030; and, against Google, violation of the privacy right conferred by the California Constitution, intrusion upon seclusion, the state Unfair Competition Law, the California Comprehensive Computer Data Access and Fraud Act, the California Invasion of Privacy Act, and the California Consumers Legal Remedies Act. The district court dismissed. The Third Circuit affirmed as to the federal claims, stating that fraud or deceit does not amount to wiretapping; the alleged conduct implicated no protected “facility” under the Stored Communications Act; and the plaintiffs alleged no damages under the Fraud Act. The court vacated dismissal of the state law claims against Google. View "In Re: Google Inc Cookie Placement Consumer Privacy Litig." on Justia Law

Munroe was an English teacher, generally considered to be effective and competent. The District granted Munroe tenure in 2010. In 2009, Munroe began a blog, using the name “Natalie M.” She did not expressly identify where she worked or lived, the name of the school or the names of her students. According to Munroe, her blog was meant to be viewed by friends that she had asked to subscribe. There were fewer than 10 subscribed readers, but no password was required for access. Most of the blog posts were unrelated to her school or work. Some postings included complaints about students, her working conditions, and related matters. The District administration first learned of Munroe’s blog in February 2011 when a reporter from a local newspaper began to ask questions; students apparently were commenting on social media.” Munroe was placed on paid suspension and, later, fired. The District had no regulation specifically prohibiting a teacher from blogging on his or her own time. The Third Circuit affirmed dismissal of Munroe’s 42 U.S.C. 1983 suit; under the Pickering balancing test, Munroe’s speech, in both effect and tone, was sufficiently disruptive so as to diminish any legitimate interest in its expression, and did not rise to the level of constitutionally protected expression. View "Munroe v. Central Bucks Sch. Dist." on Justia Law

Wyndham has licensed its brand name to approximately 90 independently owned hotels, each having a system that processes consumer information, including names, addresses, email addresses, telephone numbers, payment card account numbers, expiration dates, and security codes. Wyndham manages the systems and requires the hotels to configure them to its specifications to connect to Wyndham’s network. The FTC filed suit under 15 U.S.C. 45(a), alleging that Wyndham engaged in unfair cybersecurity practices that, unreasonably and unnecessarily exposed consumers’ personal data to unauthorized access and theft. The company: allowed Wyndham-branded hotels to store payment card information in clear readable text and allowed use of easily guessed passwords; failed to use “readily available security measures,” such as firewalls; allowed hotel systems to connect to its network without taking appropriate cybersecurity precautions; and did not follow “proper incident response procedures,” so that hackers used similar methods in three attacks, but has published a privacy policy on its website that overstates its cybersecurity. Hackers stole information for hundreds of thousands of consumers leading to $10.6 million in fraudulent charges. The district court denied Wyndham’s motion to dismiss. On interlocutory appeal, the Third Circuit agreed that the FTC has authority to regulate cybersecurity under the unfairness prong of section 45(a); and, that Wyndham had fair notice its specific practices could fall short of that provision. View "Fed. Trade Comm'n v. Wyndham Worldwide Corp" on Justia Law

Aaron’s stores sell and lease residential and office furniture, consumer electronics, and appliances. Byrd leased a laptop computer from Aspen, an Aaron’s franchisee. Although Byrd asserts that she made full payments, an Aspen agent came to repossess the laptop, claiming that the payments had not been made. The agent allegedly presented a screenshot of a poker website Byrd had visited as well as a picture of Byrd taken by the laptop’s camera. Aspen obtained the picture and screenshot through spyware named “PC Rental Agent” that can collect screenshots, keystrokes, and webcam images from the computer and its users. Between November 16, 2010 and December 20, 2010, the Byrds alleged that this spyware secretly accessed their laptop 347 times on 11 different days. According their putative class action, alleging violation of the Electronic Communications Privacy Act, 18 U.S.C. 2511, 895 customers had surveillance conducted through PC Rental Agent. Concluding that the proposed classes were not ascertainable, the district court denied class certification. The Third Circuit reversed. The court erred by: misstating the rule governing ascertainability; engrafting an “underinclusive” requirement; finding that an “overly broad” class was not ascertainable; and improperly applying precedent to the issue of whether “household members” could be ascertainable. View "Byrd v. Aaron's Inc" on Justia Law

Erdely was investigating online distribution of child pornography when he discovered a computer on a peer-to-peer network sharing 77 files that he suspected contained child pornography. With information available to anyone, he found the Internet protocol address (IP address) through which it connected to the internet. Searching publicly available records, Erdely determined that the IP Address was registered to a Comcast subscriber and obtained a court order. Comcast gave Erdely the Neighbor’s name and Pittsburgh address. Erdely executed a warrant. None of the Neighbor’s computers contained child pornography or the file-sharing software; his wireless router was not password-protected. Erdely deduced that the computer sharing child pornography was connecting without the Neighbor’s knowledge. With the Neighbor’s permission, Erdely connected a computer to the router for remote access. Later, while working in Harrisburg, Erdely learned that the computer was again sharing child pornography on the Neighbor’s IP address. Erdely determined the mooching computer’s IP address and MAC address, which belonged to an Apple wireless card. Erdely had not discovered any Apple wireless devices in the Neighbor’s home, so he decided to use a “MoocherHunter” mobile tracking software tool, which can be used by anyone with a directional antenna. Not knowing which residence the signal was coming from, Erdely proceeded without a warrant. From the sidewalk the MoocherHunter’s readings were strongest when aimed at Stanley’s apartment. Erdely obtained a warrant for Stanley’s home. When officers arrived, Stanley fled, but returned and confessed that he had connected to the Neighbor’s router to download child pornography. Erdely seized Stanley’s Apple laptop and recovered 144 images and video files depicting child pornography. Stanley was charged with possession of child pornography, 18 U.S.C. 2252(a). The district court denied a motion to suppress. The Third Circuit affirmed. Use of the MoocherHunter was not a search under the Fourth Amendment. View "United States v. Stanley" on Justia Law

Apple introduced the iPad in 2010. To send and receive data over cellular networks (3G), customers had to purchase a data contract from AT&T and register on an AT&T website. AT&T prepopulated the user ID field on the login screen with customers’ email addresses by programming servers to search for the user’s Integrated Circuit Card Identifier to reduce the time to log into an account. Spitler discovered this “shortcut” and wrote a program, the “account slurper,” to repeatedly access the AT&T website, each time changing the ICC-ID by one digit. If an email address appeared in the login box, the program would save that address. Spitler shared this discovery with Auernheimer, who helped him to refine the account slurper, which collected 114,000 email addresses. Auernheimer emailed the media to publicize their exploits. AT&T fixed the breach. Auernheimer shared the list of email addresses with Tate, who published a story that mentioned some names of those whose email addresses were obtained, but published only redacted email addresses and ICC-IDs. Spitler was in California. Auernheimer was in Arkansas. The servers t were physically located in Texas and Georgia. Despite the absence of any connection to New Jersey, a Newark grand jury indicted Auernheimer for conspiracy to violate the Computer Fraud and Abuse Act, 18 U.S.C. 1030(a)(2)(C) and (c)(2)(B)(ii), and identity fraud under 18 U.S.C. 1028(a)(7). The Third Circuit vacated his conviction. Venue in criminal cases is more than a technicality; it involves “matters that touch closely the fair administration of criminal justice and public confidence in it.”View "United States v. Auernheimer" on Justia Law

Elonis’s wife left their home with their children. Elonis began experiencing trouble at work at an amusement park, reportedly leaving early and crying at his desk. An employee Elonis supervised, Morrissey, claimed sexual harassment. In October Elonis posted on Facebook a photograph taken for his employer’s Halloween Haunt. The photograph showed Elonis in costume holding a knife to Morrissey’s neck. Elonis added the caption “I wish.” Elonis’s supervisor saw the posting and fired Elonis. Days later, Elonis began posting statements on Facebook about having “keys for the fucking gates … sinister plans for all my friends,” and, concerning his wife, “would have smothered your ass … dumped your body … and made it look like a rape and murder” that their son “should dress up as matricide for Halloween … head on a stick” and “I’m not going to rest until your body is a mess, soaked in blood and dying from all the little cuts.” Following issuance of a state court protective order, Elonis posted statements concerning shooting at his wife’s house, using explosives, and “I’m checking out and making a name for myself … hell hath no fury like a crazy man in a kindergarten class.” After being visited by federal agents, he posted statements about blowing up SWAT members. Elonis was convicted of transmitting in interstate commerce communications containing a threat to injure the person of another, 18 U.S.C. 875(c). The Third Circuit affirmed, rejecting an argument that he did not subjectively intend his Facebook posts to be threatening. A 2003 Supreme Court decision, Virginia v. Black, did not overturn its prior holding that a statement is a true threat when a reasonable speaker would foresee the statement would be interpreted as a threat. View "United States v. Elonis" on Justia Law

Stock was indicted for transmitting a threat in interstate commerce 18 U.S.C. 875(c) after he posted a notice on Craig‟s List: i went home loaded in my truck and spend the past 3 hours looking for this douche with the expressed intent of crushing him in that little piece of shit under cover gray impala hooking up my tow chains and dragging his stupid ass down to creek hills and just drowning him in the falls. but alas i can’t fine that bastard anywhere . . . i really wish he would die, just like the rest of these stupid fucking asshole cops. so J.K.P. if you read this i hope you burn in hell. i only wish i could have been the one to send you there.” The Third Circuit affirmed the district court’s denial of a motion to dismiss, stating that it was satisfied that the government included sufficient context in the indictment that a reasonable jury could find that Stock’s statement expressed intent to injure in the present or future. View "United States v. Stock" on Justia Law