Elawyers Elawyers
Ohio| Change

Scherer Design Group, LLC v. Ahead Engineering LLC, 18-2835 (2019)

Court: Court of Appeals for the Third Circuit Number: 18-2835 Visitors: 29
Filed: Feb. 25, 2019
Latest Update: Mar. 03, 2020
Summary: NOT PRECEDENTIAL UNITED STATES COURT OF APPEALS FOR THE THIRD CIRCUIT _ No. 18-2835 _ SCHERER DESIGN GROUP, LLC v. AHEAD ENGINEERING LLC; FAR FIELD TELECOM LLC; KYLE MCGINLEY; DANIEL HERNANDEZ; RYAN WALDRON; CHAD SCHWARTZ Appellants _ Appeal from the United States District Court for the District of New Jersey (D.C. No. 3-18-cv-03540) District Judge: Hon. Anne E. Thompson _ Argued January 7, 2019 _ Before: AMBRO, SHWARTZ, and FUENTES, Circuit Judges. (Filed: February 25, 2019) _ OPINION _ Ronald
More
                                                                  NOT PRECEDENTIAL

                        UNITED STATES COURT OF APPEALS
                             FOR THE THIRD CIRCUIT
                                 ______________

                                       No. 18-2835
                                     ______________

                           SCHERER DESIGN GROUP, LLC

                                             v.

  AHEAD ENGINEERING LLC; FAR FIELD TELECOM LLC; KYLE MCGINLEY;
       DANIEL HERNANDEZ; RYAN WALDRON; CHAD SCHWARTZ
                               Appellants
                          ______________

                       Appeal from the United States District Court
                              for the District of New Jersey
                                (D.C. No. 3-18-cv-03540)
                        District Judge: Hon. Anne E. Thompson
                                     _____________

                                  Argued January 7, 2019
                                     ______________

             Before: AMBRO, SHWARTZ, and FUENTES, Circuit Judges.

                                (Filed: February 25, 2019)

                                     ______________

                                        OPINION
                                     ______________

Ronald D. Coleman, Esq. [ARGUED]
Brian Block, Esq.
Mandelbaum Salsburg
3 Becker Farm Road

       
        This disposition is not an opinion of the full Court and, pursuant to I.O.P. 5.7,
does not constitute binding precedent.
Suite 105
Roseland, NJ 07068

      Counsel for Appellee

David Kistler, Esq. [ARGUED]
Blank Rome
300 Carnegie Center
Suite 220
Princeton, NJ 08540

Michael A. Iannucci, Esq.
Blank Rome
130 North 18th Street
One Logan Square
Philadelphia, PA 19103

      Counsel for Appellants

SHWARTZ, Circuit Judge.

      Scherer Design Group, LLC (“SDG”), obtained a preliminary injunction that

stopped its former employees, Defendants Daniel Hernandez, Ryan Waldron, Chad

Schwartz, and Kyle McGinley, from contacting SDG’s clients and destroying information

taken from SDG. Defendants assert that SDG surreptitiously monitored Hernandez’s

Facebook activity after he left SDG, and claim this constitutes unclean hands barring

SDG from obtaining equitable relief. Because the Court acted within its discretion in

declining to apply the unclean hands doctrine, we will affirm.




                                            2
                                             I1

       SDG is an engineering firm that provides services to wireless carriers and other

vendors in the telecommunications business. Schwartz alleges that he was promised a

partnership in SDG. During discussions about a potential ownership stake, Schwartz

informed SDG that if he did not reach an agreement with SDG, he would start a

competing engineering firm. SDG asked Schwartz to enter a noncompete agreement, but

he declined, and, in November 2017, Schwartz resigned and started two competing

engineering firms, Defendants Ahead Engineering and Far Field Telecom.

       Schwartz thereafter recruited Hernandez, McGinley, and Waldron to join his

firms. While Hernandez, McGinley, and Waldron were still employed by SDG, they

(1) discussed their new venture using, at least in part, Facebook, and (2) transmitted

SDG’s documents and information to Schwartz’s firms.

       During the 2017 Christmas vacation period, Schwartz accepted a project from one

of SDG’s largest clients, ExteNet, which SDG had allegedly declined because SDG

would be closed through the New Year. Schwartz asked Waldron, who was on vacation

from SDG at the time, to assist him with the project. ExteNet eventually left SDG and

became Schwartz’s client.

       Hernandez, McGinley, and Waldron resigned from SDG in January 2018.

Hernandez testified that while he worked at SDG, he accessed his Facebook account from



       1
        “In an appeal from the grant or denial of a preliminary injunction, we typically
view the facts in the light most favorable to the prevailing party.” Arrowpoint Capital
Corp. v. Arrowpoint Asset Mgmt., LLC, 
793 F.3d 313
, 316 n.1 (3d Cir. 2015).

                                             3
his SDG laptop, and “would log off sometimes and leave it open sometimes,” but that on

the day he resigned from SDG—at the direction of his co-Defendants—he “closed out of

Facebook” by clearing the history on the internet browsers on his SDG laptop, App. 227,

334 (“I cleared the passwords which logs you out.”).

       After the mass resignation and loss of ExteNet as a client, SDG’s network

administrator was instructed to examine Defendants’ SDG computers.2 The

administrator (1) reviewed Hernandez’s browser history using software that allowed him

to access deleted activity, (2) asserts that he accessed Hernandez’s Facebook account

without a password because Hernandez had not cleared it from the computer,3 and

(3) installed software that allowed him to monitor Hernandez’s Facebook activity without

detection. From February through mid-March 2018, the administrator accessed

Hernandez’s Facebook account “very often” from Hernandez’s SDG laptop, App. 210,

and saw messages that revealed Defendants’ plans and the actions that they took to secure

SDG’s client information and other intellectual property.

       SDG sent Defendants cease and desist letters, and thereafter filed a complaint in

the New Jersey Superior Court alleging, among other things, breach of the duty of

loyalty, tortious interference with prospective business relationships, and

misappropriation of trade secrets. With the complaint, SDG sought a temporary


       2
         At the time of Defendants’ employment, SDG had no policies informing
employees that SDG retained the right to monitor their use of SDG computers, and did
not remind departing employees to log out of personal accounts prior to their departure.
       3
         SDG’s network administrator attempted to review the other Defendants’
browsing histories but was unable to do so “[b]ecause they cleared all of their
information and were logged out of all of their accounts.” App. 221.

                                             4
restraining order (“TRO”) and a preliminary injunction. Defendants removed the case to

the United States District Court for the District of New Jersey.

       After granting SDG’s request for a TRO, the District Court allowed the parties to

conduct expedited discovery and then it held argument on SDG’s injunction request.

Defendants produced, among other things, testimony from Hernandez, who insisted that

he logged out of his Facebook account before he returned his computer to SDG, and a

report from a computer forensics expert, who opined that (1) “it is highly unlikely” that

Hernandez’s Facebook account “remained logged on the SDG laptop after January 17,

2018” and (2) SDG accessed the Facebook account using Hernandez’s password. App.

245. In response, SDG produced a supplemental declaration from its network

administrator stating that he did not have Hernandez’s password and that Hernandez

“likely . . . misremembered logging out of his Facebook account” or may have “thought”

he logged out but did not do so because of Facebook’s “persistent” picture login

“feature,” which requires additional steps to completely log out. App. 342-46.

       The District Court acknowledged that the parties “hotly dispute” how SDG gained

access to Hernandez’s Facebook account but, without resolving this factual dispute,

determined that the unclean hands doctrine did not bar injunctive relief because (1) it

“may be reasonable” for an employer such as SDG to access password-protected content

on a company laptop; (2) SDG’s conduct “is arguably not related to the litigation”

because “[w]hile it goes to Plaintiff’s full knowledge of the underlying facts,”

Defendants’ alleged breaches of loyalty, tortious interference, and/or trade secret

violations predate SDG’s alleged hacking of Hernandez’s account and SDG’s actions did


                                             5
not “affect” the Defendants’ alleged violations; and (3) “[o]n balance,” the Court was not

persuaded that “unclean hands” should bar SDG’s right to pursue injunctive relief. App.

9. The Court then considered the preliminary injunction factors, determining that SDG

“demonstrated a strong likelihood of success on the merits of its breach of the duty of

loyalty claim” and that SDG would be irreparably harmed without an injunction barring

Defendants from soliciting SDG’s clients and from destroying information taken from

SDG. App. 18-22. Defendants appeal the Court’s decision not to apply the unclean

hands doctrine.

                                                   II4

       The unclean hands doctrine is “derived from the unwillingness of a court,

originally and still nominally one of conscience, to give its peculiar relief to a suitor who

in the very controversy has so conducted himself as to shock the moral sensibilities of the

judge.” Gaudiosi v. Mellon, 
269 F.2d 873
, 882 (3d Cir. 1959) (quotation marks and

citation omitted). The doctrine “applies when a party seeking relief has committed an

unconscionable act immediately related to the equity the party seeks in respect to the

litigation.” Highmark, Inc. v. UPMC Health Plan, Inc., 
276 F.3d 160
, 174 (3d Cir. 2001)


       4
         The District Court had jurisdiction over SDG’s claims against Defendants. 28
U.S.C. §§ 1331, 1367. We have jurisdiction to review the Court’s order granting a
preliminary injunction under 28 U.S.C. § 1292(a). The decision to grant or deny a
preliminary injunction is within the sound discretion of the district court. Winter v. Nat.
Res. Def. Council, Inc., 
555 U.S. 7
, 24, 33 (2008). “Ordinarily, an abuse of discretion
standard applies to our review of the district court’s application of the unclean hands
doctrine. However, the parameters of the unclean hands doctrine implicate a matter of
law,” Ne. Women’s Ctr., Inc. v. McMonagle, 
868 F.2d 1342
, 1354 (3d Cir. 1989), which
we review de novo, K.A. ex rel. Ayers v. Pocono Mountain Sch. Dist., 
710 F.3d 99
, 105
(3d Cir. 2013).

                                              6
(citing Keystone Driller Co. v. Gen. Excavator Co., 
290 U.S. 240
, 245 (1933)). Thus, a

party seeking to invoke the doctrine must show: (1) the party seeking equitable relief

committed an unconscionable act; and (2) the act is related to the claim upon which

equitable relief is sought.5

       The unclean hands doctrine “is not an automatic or absolute bar to relief; [rather,]

it is only one of the factors the court must consider when deciding whether to exercise its

discretion and grant an injunction.” 11A Charles Alan Wright & Arthur R. Miller,

Federal Practice and Procedure § 2946 (3d ed. 1998) (citing Johnson v. Yellow Cab

Transit Co., 
321 U.S. 383
, 387 (1944) (explaining that the unclean hands doctrine “is not

a rigid formula which ‘trammels the free and just exercise of discretion’”); Shondel v.

McDermott, 
775 F.2d 859
, 868 (7th Cir. 1985) (“Today, ‘unclean hands’ really just

means that in equity as in law the plaintiff’s fault, like the defendant’s, may be relevant to

the question of what if any remedy the plaintiff is entitled to.”); and Houston Oilers, Inc.

v. Neely, 
361 F.2d 36
(10th Cir. 1966)). Thus, a court retains the discretion to grant

equitable relief even where the elements of the unclean hands doctrine are met. See

Johnson, 321 U.S. at 387
(explaining that while “a federal court should not, in an

ordinary case, lend its judicial power to a plaintiff who seeks to invoke that power for the

purpose of consummating a transaction in clear violation of law” courts need not “always

permit a defendant wrongdoer to retain the profits of his wrongdoing merely because the

plaintiff himself is possibly guilty of transgressing the law in the transactions involved”);


       5
        Under our jurisprudence, proof of injury is not required. See, e.g., In re New
Valley Corp., 
181 F.3d 517
, 526 (3d Cir. 1999) (citing 
Gaudiosi, 269 F.2d at 881-82
).

                                              7
In re New Valley Corp., 
181 F.3d 517
, 525 (3d Cir. 1999) (even where there is a

“relationship between the inequitable conduct and the claims brought . . . the court has

discretion to limit the reach of the doctrine”).

       Even if SDG’s monitoring of Hernandez’s Facebook constituted the kind of act

that would be viewed as unconscionable,6 the District Court did not err in concluding the


       6
          “To prevail on an unclean hands defense, the defendant must show fraud,
unconscionability, or bad faith on the part of the plaintiff.” S & R Corp. v. Jiffy Lube
Int’l, Inc., 
968 F.2d 371
, 377 n.7 (3d Cir. 1992). The misconduct, however, “need not
necessarily have been of such a nature as to be punishable as a crime or as to justify legal
proceedings of any character. Any willful act concerning the cause of action which
rightfully can be said to transgress equitable standards of conduct is sufficient cause for
the invocation of the maxim . . . .” Monsanto Co. v. Rohm & Haas Co., 
456 F.2d 592
,
598 (3d Cir. 1972). Because showing unclean hands requires two elements, establishing
that an act is illegal or “transgress[es] equitable standards” is a necessary but insufficient
condition for the doctrine’s application. See Ciba-Geigy Corp. v. Bolar Pharm. Co., 
747 F.2d 844
, 855 (3d Cir. 1984) (holding unclean hands did not preclude injunction because
plaintiff’s alleged regulatory violations did “not implicate transgressions so egregious as
to merit the preclusion of an injunction” against manufacturer of generic drug found to
have violated trademark laws).
        Because the District Court did not clearly err by disposing of the unclean hands
argument on relatedness grounds, we need not decide whether SDG violated New Jersey
privacy law because the alleged “violation is at most collateral” to the causes of action
“involved in this lawsuit.” See Ne. Women’s 
Ctr., 868 F.2d at 1353
. In any event, our
dissenting colleague’s discussion about privacy and computers mistakenly asserts that
(1) an employer may only access personal password-protected content that an employee
viewed on a work computer “so long as the employer’s policies clearly communicate[]
that such content may be monitored,” Dissent Op. at 3, and (2) “mere use of a password
to protect an account or files generally conveys a clear intent to prevent others’ access,”
Dissent Op. at 6-7. The first point overstates the holding of Stengart v. Loving Care
Agency, Inc., 
990 A.2d 650
(N.J. 2010). In that case, the New Jersey Supreme Court
held that an employee who “plainly took steps to protect privacy of . . . emails” she sent
to her attorney through a third-party program on her company laptop, had a reasonable
expectation of privacy in those emails. 
Id. at 663,
664. The Stengart Court found that the
employee had (1) a subjective expectation of privacy based on her own affirmative
actions to protect her privacy, and (2) an objective expectation of privacy based on the
attorney-client nature of the communications and the company’s electronic
communications policy, which did not discuss the use of personal accounts on company

                                               8
conduct was not related to the claim upon which equitable relief was sought. For the

unclean hands doctrine to apply, “there must be a relationship between the inequitable

conduct and the claims brought before the court.” New Valley 
Corp., 181 F.3d at 525
(citations omitted). In describing the “relationship” element, we have said that the

unclean hands doctrine will bar recovery when such conduct “has immediate and

necessary relation” to the equity sought. 
Id. (quoting Keystone,
290 U.S. at 245). Thus,

the doctrine “only applies when there is a direct nexus between the bad conduct and the

activities sought to be enjoined.” Id.; see also Ne. Women’s Ctr., Inc. v. McMonagle,

868 F.2d 1342
, 1354, 1356 (3d Cir. 1989) (reversing district court’s determination that

unclean hands precluded issuance of injunction in favor of plaintiff women’s health clinic

because a physician’s failure to comply with state fetal tissue inspection law had no

relationship with defendant antiabortion protesters’ liability under the RICO, contract

interference, and trespass counts); Ciba-Geigy Corp. v. Bolar Pharm. Co., 
747 F.2d 844
,

855-56 (3d Cir. 1984) (affirming grant of permanent injunction and rejection of unclean



computers. 
Id. at 663-64.
The presence of a policy was a consideration but certainly was
not dispositive. 
Id. at 662-63.
Indeed, the Stengart Court emphasized the plaintiff’s
affirmative actions to protect her privacy on her work computer, including by not saving
her personal account password on it. 
Id. at 663,
665. Stengart is also distinguishable
from this case because Stengart involved emails to plaintiff-employee’s attorney and this
case involves review of browsing history on SDG’s computer, where there is a lesser
expectation of privacy. Liebeskind v. Rutgers Univ., No. A-0544-12T1, 
2014 WL 7662032
, at *7 (N.J. Super. Ct. App. Div. Jan. 22, 2015) (“The browsing history on
plaintiff’s workplace computer does not hold the same expectations of privacy that emails
to an attorney hold.”). The second point is based on a collection of various cases from
outside New Jersey that do not involve employees’ work computers, or the employers’
access to personal accounts the employee accessed from his work computer, or
circumstances where the employee saved login information on the employer’s computers.


                                             9
hands argument where “the alleged wrongdoings [did] not relate to the subject matter of

[the] claim”); Monsanto Co. v. Rohm & Haas Co., 
456 F.2d 592
, 598 (3d Cir. 1972)

(applying unclean hands doctrine to bar equitable remedies in patent infringement case

where patents at issue were procured through misrepresentations in the patent

application).7

         “Unless courts insist on a tight connection between the object of the injunction and

the misconduct of the plaintiff . . . . the right to injunctive relief . . . would have little

value [and] the defendant could divert the proceeding into the byways of collateral

misconduct.” 
Shondel, 775 F.2d at 869
. Such misdeeds are “‘collateral’ . . . when the

right for which the plaintiff seeks protection in the injunction suit did not accrue to him

because of the misdeed.” Restatement (Second) of Torts § 940 cmt. c (Am. Law Inst.

1979).

         The District Court applied these legal principles and declined to invoke the

unclean hands doctrine because SDG’s access of Hernandez’s Facebook account “does



         7
          We have also described the “relationship” element in somewhat looser terms.
See, e.g., Precision Instrument Mfg. Co. v. Auto. Maint. Mach. Co., 
324 U.S. 806
, 814-
15 (1945) (“[W]hile equity does not demand that its suitors shall have led blameless
lives, as to other matters, it does require that they shall have acted fairly and without
fraud or deceit as to the controversy in issue.”) (quotation marks and citations omitted)
(emphasis added)). Regardless of the phrasing, each articulation has a common thread:
the doctrine applies only where the unclean “conduct relat[es] to the matter in litigation,”
Ne. Women’s 
Ctr., 868 F.3d at 1355
, and “[t]he nexus ‘between the misconduct and the
claim must be close,’” 
Highmark, 276 F.3d at 174
(quoting New Valley 
Corp., 181 F.3d at 525
). The fact that a different framing of the relationship element is possible and the
District Court chose a narrower articulation does not mean that the Court erred. See
Hohe v. Casey, 
868 F.2d 69
, 70 (3d Cir. 1989).


                                                10
not affect the potential breaches of loyalty, tortious interference, and/or trade secret

violations that are the subject of the litigation and which occurred prior to Plaintiff’s

alleged hacking of Hernandez’s account.” App. 9. This conclusion was sound for three

reasons. First, SDG did not dirty its hands to “acquire[ the] rights” it asserts in its

complaint. S. Cal. Darts Ass’n v. Zaffina, 
762 F.3d 921
, 933 (9th Cir. 2014); see also

Restatement (Second) of Torts § 940 cmt. c (“equity will not aid a person to reap the

benefits of his own misconduct”). Unlike a patent holder who obtains patent rights based

upon a fraudulent patent application, 
Monsanto, 456 F.2d at 598
, SDG did not monitor

Hernandez’s Facebook account so it could obtain a right that SDG did not otherwise

have. Defendants owed a duty of loyalty to SDG long before the Facebook monitoring

occurred.

       Second, while SDG obtained proof of its duty of loyalty claim from its

monitoring, and thus it benefitted from its activity, SDG had a right to Defendants’

loyalty and could prove their breach of that duty without relying on the surreptitiously

obtained Facebook messages.8 Put differently, SDG’s alleged misconduct has a link with

Defendants’ breach of loyalty claim insofar as SDG’s conduct led it to proof of its duty of

loyalty claim, see App. 52 (Verified Compl. ¶ 75 (“To the extent these discussions

referred to downloads by Hernandez, McGinley and Waldron from the SDG computer

network, SDG was able to corroborate virtually all of them with the removal of portable

storage devices such as flash drives from users’ computers as logged by the auditing



       8
           That said, the Facebook messages would have been discoverable.

                                              11
function of SDG’s Windows domain operating system.”)), but this conduct did not give

rise to the claim upon which SDG seeks relief. Thus, SDG’s monitoring of the Facebook

messages is not related to “whether [Defendants], at some earlier point, stole [SDG’s]

property.” Sullens v. Graham, No. 14 CV 866, 
2014 WL 6765138
, at *2 (N.D. Ill. Dec.

1, 2014).

       Third, SDG’s alleged privacy violation and Defendants’ alleged breach of the duty

of loyalty are causes of action “governed by distinct bodies of law that provide their own

separate remedies for misconduct.”9 Intertek USA Inc. v. AmSpec, LLC, No. 14 CV

6160, 
2014 WL 4477933
, at *7 (N.D. Ill. Sept. 11, 2014).

       In sum, because relatedness is a “critical element of the unclean hands doctrine,”

New Valley 
Corp., 181 F.3d at 524
, and SDG’s allegedly unclean conduct is not directly

related to Defendants’ breach of the duty of loyalty, the District Court did not abuse its

discretion in declining to apply the unclean hands doctrine to deny SDG’s request for

equitable relief.

                                             III

       For the foregoing reasons, we will affirm.




       9
         Not only is the law distinct but the impact of the alleged conduct differs. Unlike
SDG’s Facebook monitoring, which has ceased, Defendants’ alleged theft of SDG’s
client information and other intellectual property could result in future economic harm.

                                             12
AMBRO, Circuit Judge, dissenting

       The District Court’s decision to issue a preliminary injunction preventing SDG’s

former employees from communicating with SDG clients or using SDG documents might

be the correct outcome in this case. And if, as my colleagues conclude, the Court

determined that SDG’s conduct was not sufficiently related to trigger unclean hands, I

agree affirmance may be appropriate. But because I am not sure it made such a

determination, and I think its privacy analysis is faulty, I am uncomfortable affirming at

this time.

       Unclean hands law prevents injunctive relief to one who otherwise would merit it.

Inequity cancels out equity. Under our precedent, unclean hands applies when (1) the

conduct of one seeking to enjoin another offends the court’s conscience and (2) “in some

measure affect[s] the equitable relations between the parties in respect of something

brought before the court for adjudication[, which typically goes by the term relatedness].”

Highmark, Inc. v. UPMC Health Plan, Inc., 
276 F.3d 160
, 174 (3d Cir. 2001) (quoting

Keystone Driller Co. v. General Excavator Co., 
290 U.S. 240
, 245 (1933)). We

ordinarily review an unclean hands ruling for abuse of discretion, but conduct plenary

review of a district court’s offensiveness and relatedness determinations to the extent they

implicate a matter of law. Ne. Women’s Ctr., Inc. v. McMonagle, 
868 F.2d 1342
, 1353–

54 (3d Cir. 1989).

       The District Court observed that SDG’s “conduct is arguably not related to the

litigation to find unclean hands. While it goes to [SDG’s] full knowledge of the
underlying facts, it does not affect the potential breaches of loyalty, tortious interference,

and/or trade secret violations that are the subject of the litigation and which occurred

prior to [SDG’s] alleged hacking of Hernandez’s account.” App. at 9. Though the Court

notes that this is “arguably” correct, it is not definitive. I have the same lack of certainty.

       For offensiveness, however, I part ways with the District Court and my colleagues.

The Court states that “it may be reasonable and does not necessarily amount to an

intrusion upon seclusion for an employer to have access to and view password-protected

content on a company laptop.” Id.1 I believe an incorrect view of New Jersey privacy law

affected the Court’s thinking as to whether SDG’s conduct—including accessing a

former employee’s password-protected PNC bank account and actively monitoring his

Facebook Messenger account—is offensive.

       Reasonable minds can interpret differently the Court’s ruling that, “[o]n balance,

[it] is not persuaded that Plaintiff’s ‘unclean hands’ should bar its right to pursue

injunctive relief.” 
Id. But if
its privacy analysis to get to that conclusion misses the

mark, a redo is in order. Hence I write separately to explain why I believe it is unlawful




1
 The opinion also refers to a discussion at the April 3 oral argument, which likewise
shows the Court is very skeptical that SDG’s conduct is concerning.
       MR. KISTLER: . . . . Your Honor, they continued to monitor and look at
       these communications after all of these individuals left the company on
       January 18th for another six weeks.
       THE COURT: Of course they would. Why wouldn’t they?
       MR. KISTLER: Because it’s illegal I would submit, Your Honor.
       THE COURT: I’m not at all persuaded of that. . . .
Apr. 3, 2018 TRO Tr. at 43:11–44:3 (emphases added).
                                               2
to access a former employee’s password-protected bank account and actively monitor his

private digital communications months after he resigned.

   I.      SDG’s access of Hernandez’s accounts was unlawful and offensive conduct

        A. Employer monitoring under New Jersey Law

        The District Court cites to Stengart v. Loving Care Agency, Inc., 
990 A.2d 650
(N.J. 2010), to support its view that SDG’s conduct “may be reasonable and does not

necessarily amount to an intrusion upon seclusion.” App. at 9. I don’t read Stengart that

way. It held that an employer may not view password-protected attorney-client emails

that an employee sent from a company computer and which it subsequently 
recovered. 990 A.2d at 665
. In so ruling, the Court stated not only that the computer-use policy of

the employer failed to disclose the monitoring of employee activities on company

computers, 
id. at 659,
but also concluded that these emails would still be privileged and

access to them unenforceable even if the company had such a policy, 
id. at 665.
The

employee in Stengart had a subjective expectation of privacy in her use of personal,

password-protected accounts on her company laptop and an “objectively reasonable

expectation” of privacy based on “the language of the Policy and the attorney-client

nature of the communications.” 
Id. at 663.
        Though SDG accessed content that was not attorney-client privileged, it was

clearly private. SDG accessed that content not by recovering from Hernandez’s company

computer copies of the messages he viewed or sent but rather by infiltrating his personal,

password-protected accounts. In other words, SDG went on an external fishing

expedition rather than merely conducting a review of activity on its own physical assets.

                                             3

Stengart, 990 A.2d at 665
. And SDG also didn’t have any policies disclosing its

monitoring practices.2 Thus nothing in Stengart nor any subsequent New Jersey case

suggests SDG’s conduct is permissible.

      SDG concedes these facts. Its head of Information Technology, Jason

Gerstenfeld, reviewed the browser history from Hernandez’s old SDG laptop roughly a

month after Hernandez resigned. While viewing it, Gerstenfeld clicked on links to many

of Hernandez’s personal, password-protected, and off-premises accounts. He

successfully bypassed the log-in requirements for three of them: Hernandez’s personal

PNC Bank Account, his Dropbox account (associated with his SDG email), and his

Facebook Messenger account. From February 15 through March 15, Gerstenfeld and

SDG’s founder, Glenn Scherer, monitored many times a day Hernandez’s Facebook

Messenger activity, which is both password-protected and end-to-end encrypted. To

repeat, SDG had no computer-use policies disclosing that the company might monitor

employee activity on its computers or access personal accounts of employees after they

left the company.




2
  Indeed, a non-precedential New Jersey Superior Court case interpreting Stengart
suggests that even a clear policy may not permit an employer to retrieve and view
password-protected personal communications or accounts that the employee accessed on
a work computer. In Liebeskind v. Rutgers Univ., No. A-0544-12T1, 
2014 WL 7662032
,
at *7 (N.J. Super. Ct. App. Div. Jan. 22, 2015), the Court held that an employee lacked an
expectation of privacy in his non-password-protected browsing history on his company
computer where Rutgers had a clear policy that it “reserve[d] the right to examine
material stored on or transmitted through its facilities.” The Court emphasized, however,
that, “[i]mportantly, there is no competent evidence that defendants tried to access the
content of personal, password-protected emails or personal accounts.” 
Id. 4 This
conduct surely is beyond the scope of permissible conduct that Stengart

recognizes. SDG infiltrated password-protected accounts hosted on third-party servers

and networks without any authorization. It had no connection to or right to view the

information in these private accounts (except through the traditional discovery process,

which has procedural safeguards on information acquisition and use). And neither the

parties nor my colleagues can identify any authority under New Jersey law that suggests a

mere computer-use policy may permit a company to acquire password-protected

information not already stored on a company computer.

       B. Access to personal, password-protected accounts as intrusions upon seclusion

       A traditional intrusion analysis leads me to believe that SDG’s conceded conduct

is tortious. Under New Jersey law, the elements of a privacy claim based on intrusion

upon seclusion are (1) intentional conduct that (2) intrudes into a private space and (3) is

“highly offensive” to a reasonable person. In re Nickelodeon Consumer Privacy Litig.,

827 F.3d 262
, 293 (3d Cir. 2016) (citing Hennessey v. Coastal Eagle Point Oil Co., 
609 A.2d 11
, 17 (1992)). Let’s look at each element.

       i.     Intentional conduct

       A person acts intentionally if he knows he lacks either legal or personal permission

to intrude into a private space. 
Id. (citing O’Donnell
v. United States, 
891 F.2d 1079
, 1083

(3d Cir. 1989)). In other words, if an intruder searches another’s private space and is

uncertain whether her search is lawful but knows it was without consent, the intruder acts

intentionally. 
Id. As Hernandez
never gave his permission for SDG to access his

password-protected accounts, it acted intentionally.

                                              5
       ii.    Intrusion into private space

       An intrusion must invade a private space, meaning the victim must have a

reasonable expectation of privacy in the intruded space. Kline v. Sec. Guards, Inc., 
386 F.3d 246
, 260 (3d Cir. 2004) (citing Restatement (Second) of Torts § 652B).3 Individuals

have a reasonable expectation of privacy in password-protected online accounts and

communications. See, e.g., United States v. Stabile, 
633 F.3d 219
, 233 (3d Cir. 2011)

(observing that employing a password on a shared computer can protect a user’s privacy

rights vis a vis a third-party to whom a co-owner grants access); Trulock v. Freeh, 
275 F.3d 391
, 403 (4th Cir. 2001) (“Trulock’s password-protected files are analogous to the locked

footlocker inside the bedroom. By using a password, Trulock affirmatively intended to

exclude Conrad and others from his personal files.”).

       A cursory review of our sister circuits shows that the mere use of a password to

protect an account or files generally conveys a clear intent to prevent others’ access. This

preserves a user’s reasonable expectation of privacy as to the bypassing intruder. See, e.g.,

United States v. Thomas, 
818 F.3d 1230
, 1241–42 (11th Cir. 2016) (stating that use of a

separate, unshared password or encryption will preserve a user’s expectation of privacy as

to a third party who happens to access the account); United States v. Heckenkamp, 
482 F.3d 1142
, 1146–47 (9th Cir. 2007) (concluding that a student’s use of a “screen-saver



3
  While Kline applies Pennsylvania law, we have observed that “[s]ince the highest
courts of both New Jersey and Pennsylvania have looked to the same treatise, we are
comfortable adopting” the same standards in the intrusion context. 
Nickelodeon, 827 F.3d at 293
n.194.

                                             6
password” preserved his objective and subjective expectations of privacy); United States

v. Andrus, 
483 F.3d 711
, 719 (10th Cir. 2007) (ruling that a user retains an expectation of

privacy in a computer where the password’s protections are bypassed so long as the

bypasser reasonably knew the account was password-protected).

       What if Hernandez hadn’t cleared his browser history? He attests that he did, but

would it matter if he forgot or simply had no way to stop however SDG accessed his

accounts?4   No, for borrowing a person’s jacket and discovering a notecard with

handwritten passwords to an email or bank account does not make the information on those

accounts any less private. In the intrusion context, mere lapses of mind or capacity are

insufficient to waive a privacy interest in password-protected accounts. See K-Mart Corp.

Store No. 7441 v. Trotti, 
677 S.W.2d 632
, 638 (Tex. App. 1984) (where an employer

intrudes upon an employee’s seclusion by searching her locked locker, “it is immaterial

whether the [employee] actually securely locked her locker or not”) (emphasis added); see

also, e.g., Hernandez v. Hillsides, Inc., 
211 P.3d 1063
, 1076 (Cal. 2009) (employees

maintain reasonable expectations of privacy from covert monitoring even though

“colleagues, supervisors, visitors, and security and maintenance personnel have varying

degrees of access” to shared office).



4
  SDG’s forensic report suggests that Hernandez did delete his browser history, but that
local files stored on the SDG system gave SDG a backdoor way into his account. “Given
the volume and granularity of Internet History records, cached web pages, form fill data,
and file access information, available in [SDG’s local] dhernandez user profile, efforts to
clear the Internet History were unsuccessful[,] leaving session cookies, login information,
and other cached data available for another user.” App. at 381 (emphasis added). The
record does not address whether Hernandez could view or delete these files.
                                            7
       Stengart aligns with these principles. SDG used a former employee’s browsing

history to access and actively monitor his external, password-protected accounts. This is

an intrusion into private space.

       iii.   Highly offensive

       An intentional intrusion into a private space must also be highly offensive to a

reasonable person, a determination usually made by juries. See, e.g., 
Nickelodeon, 827 F.3d at 295
; In re Google Inc. Cookie Placement Consumer Privacy Litig., 
806 F.3d 125
,

151 (3d Cir. 2015). When pressed, as here, to articulate whether an intrusion is highly

offensive as a matter of law, courts generally balance interests. See, e.g., Borse v. Piece

Goods Shop, Inc., 
963 F.2d 611
, 625 (3d Cir. 1992) (predicting the Pennsylvania

Supreme Court would consider all facts surrounding a drug screening program and weigh

the employee’s privacy interest against the employer’s interest in maintaining a drug-free

workplace); Safari Club Int’l v. Rudolph, 
862 F.3d 1113
, 1127 (9th Cir. 2017) (holding

that under California law an intrusion is highly offensive if it satisfies a balancing test

with relevant factors that include “the degree and setting of the intrusion[] and the

intruder’s motives and objectives”).

       From my review of the conceded facts, I conclude that SDG’s conduct was highly

offensive given the types of information accessed along with the manner of its intrusions.

And, to make matters worse, SDG had a way through discovery to acquire legally all

information relevant to its former employees’ alleged misconduct.




                                               8
               a.     Type of information accessed

       The Second Restatement of Torts lists unconsented access to private

correspondence, bank accounts, and safes as examples of highly offensive intrusions. See

Restatement (Second) of Torts § 652B cmt b (explaining that tortious intrusions are

committed, for example, “as by opening his private and personal mail, searching his safe

or his wallet, examining his private bank account, or compelling him by forged court order

to permit an inspection of his personal documents”). Indeed, SDG’s access of Hernandez’s

private bank account appears to violate the Computer Fraud and Abuse Act. See, e.g., 18

U.S.C. § 1030 (a)(2)(A), (c)(2)(A) (providing for fines and imprisonment of not more than

one year for anyone who “intentionally accesses a computer without authorization or

exceeds authorized access, and thereby obtains . . . information contained in a financial

record of a financial institution . . . .”); United States v. Tolliver, 451 F. App’x 97, 103 (3d

Cir. 2011).5

       The personal communications here were private and must not be viewed absent

legal mandate or clear and knowing consent by the sender or a named recipient. Today

private communications are perhaps the most common way for people to build authentic

relationships, share intimate facts, and expose to another ideas or habits that are works in

progress.6 Private communications are also critical to human organization. People use


5
 Federal statutes, not implicated here, also criminalize unauthorized access to personal
communications. See, e.g., 18 U.S.C. § 1702 (unconsented access to another’s mail); 18
U.S.C. §§ 2511(1), (4)–(5) (interception of another’s electronic communications).
6
 For this reason, private communications have been a particular concern since the
privacy movement began in the United States. See, e.g., Samuel D. Warren & Louis D.
                                               9
private messages to plan and advance commercial opportunities (as we see here), political

campaigns, and academic research, to name a few. Permitting third parties to monitor

private communications without clear permission or legal authorization poses grave and

profound risks to a free society.

              b.     The manner of SDG’s intrusion

       The way SDG intruded—with covert, sustained, and overbroad monitoring of its

former employees’ communications—is also highly concerning. It took steps to obscure

its monitoring when Gerstenfeld installed the application “fbunseen,” which permitted the

company to review Hernandez’s Facebook Messenger conversations without the other

participants knowing.

       Once in the account, SDG’s search for useful information lasted roughly a month.

Both alongside Scherer and on his own, Gerstenfeld monitored Hernandez’s Facebook

messages many times a day for a month. He continued to monitor actively Hernandez’s

Facebook Messenger account until March 15, roughly a week after SDG filed suit.




Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890) (“The common law secures to
each individual the right of determining, ordinarily, to what extent his thoughts,
sentiments, and emotions shall be communicated to others”); Millar v. Taylor, 4 Burr.
2303, 2379 (1769) (“It is certain every man has a right to keep his own sentiments, if he
pleases. He has certainly a right to judge whether he will make them public, or commit
them only to the sight of his friends.”); see also Bradley A. Areheart & Jessica L.
Roberts, GINA, Big Data, and the Future of Employee Privacy, 128 Yale L.J. 710, 779
(2019) (“Privacy has independent moral value because it allows us to define our
relationships through what we keep secret and what we disclose. . . . With respect to
intrinsic privacy harms, the detriment is the invasion itself, regardless of whether the
intruder actually acts on that information.”) (citations omitted).
                                           10
       And nothing in the record suggests the scope of SDG’s review and acquisition of

Hernandez’s communications was narrow.            SDG snooped on conversations between

Hernandez and other friends not related to this litigation. SDG also does not dispute the

account of Chad Schwartz, one of the ventures’ founders, who declared under penalty of

perjury that it reviewed and downloaded privileged attorney communications from

Hernandez’s account. From the breadth and duration of the search, we may fairly infer

that SDG looked for any information that might be useful to its investigation and litigation,

its awareness of its competitors’ commercial strategies, or gaining understanding of their

founders’ activities. This monitoring is offensive to anyone’s reasonable expectation of

privacy.

              c.     SDG didn’t need to act so brazenly

       We have litigation to resolve disputes by a legal process, which includes discovery.

And indeed SDG had expedited discovery. And yet for SDG that wasn’t enough. To the

extent Hernandez’s accounts held relevant information, I repeat that this information

should only have come to light through discovery rather than prior misconduct.

       Balancing the interests here, I have no doubt that SDG’s conduct was sufficiently

offensive for purposes of an unclean hands inquiry.

                                     II.    Relatedness

       That conduct is unlawful or otherwise offensive to the court’s conscience does not

mean unclean hands necessarily bars equitable relief. It must also bear a sufficient

relationship to either the litigation or claims for equitable relief. As implied above, I



                                             11
think the District Court could have concluded that SDG’s conduct was not related to the

equitable relief it sought. Or it could have ruled the other way.

       Our Court has described the relatedness requirement in various ways over the

years. From my review, the three articulations we have most frequently endorsed are:

       1. That courts “close their doors” “only for such violations of conscience as in
          some measure affect the equitable relations between the parties in respect of
          something brought before the court for adjudication.’” Highmark, Inc. v.
          UPMC Health Plan, Inc., 
276 F.3d 160
, 174 (3d Cir. 2001) (quoting 
Keystone, 290 U.S. at 245
).

       2. That there must be an “‘immediate and necessary relation to the equity that’
          the party seeks.” In re New Valley Corp., 
181 F.3d 517
, 525 (3d Cir. 1999)
          (citing 
Keystone, 290 U.S. at 245
).

       3. That “the nexus ‘between the misconduct and the claim must be close.’”
          
Highmark, 276 F.3d at 174
(quoting In re New Valley 
Corp., 181 F.3d at 525
).

       This is not an exhaustive list, and we are not alone in recognizing many standards

of relatedness, a practice that dates back over a century. See generally Pomeroy, Equity

Jurisprudence §§ 397, 399–403 (5th ed. 2002) (discussing the broad principles that

govern unclean hands, its limitations, and distinct analyses in various contexts). As the

majority notes, “that a different framing of the relationship element is possible and the

District Court chose a narrower articulation does not mean that the Court erred.”

Majority Op. at 10 n.7. I would only add “necessarily” before “mean.”

       In its ruling, the District Court applied a two-part test—to be related, the plaintiff’s

conduct must (1) “bear direct relation to the matter in litigation/before the Court . . . [and

(2)] affect the balance of equities.” SDG includes in its complaint snapshots of

Hernandez’s private messages. This satisfies the first requirement. The second


                                              12
requirement is vague by design and gives district courts discretion to determine when

misconduct, already connected to the litigation, is sufficiently related for unclean hands

to bar equitable relief. See, e.g., Keystone Driller Co. v. Gen. Excavator Co., 
290 U.S. 240
, 245–46 (1933) (“[Courts] do not close their doors because of plaintiff’s misconduct,

whatever its character, that has no relation to anything involved in the suit, but only for

such violations of conscience as in some measure affect the equitable relations between

the parties in respect of something brought before the court for adjudication. . . . They

are not bound by formula or restrained by any limitation that tends to trammel the free

and just exercise of discretion.”). Thus the District Court could conclude that SDG’s

conduct affected the balance of the equities between the parties.

       One way this is possible is if the Court found that the similarity of SDG’s conduct

to the conduct it challenges affected the balance of equities between the parties—in

effect, “a pox on both their houses.” The Court stated that Defendants’ acquisition of

SDG documents is the central basis for the lone claim triggering a preliminary injunction

(a breach of New Jersey’s duty of loyalty). SDG responded to this activity by accessing

Hernandez’s external, password-protected accounts and taking information related to

him, SDG’s new competitors, and their founders. Thus both parties unlawfully acquired

from the other information relevant to their competing businesses. Further, each also

“abused” Hernandez’s relationship with SDG: Hernandez used his employment to

acquire SDG information; SDG used Hernandez’s activity as an employee to acquire his

information. Given these similarities, I think the District Court could have concluded



                                             13
that SDG’s conduct affected the balance of equities between the parties. See Ciba-Geigy

Corp. v. Bolar Pharm. Co., 
747 F.2d 844
, 855 (3d Cir. 1984).

       Though SDG’s conduct was offensive and highly so, the District Court here was

within its discretion to rule either way as to whether SDG’s access to private accounts

was related to the equitable remedies it sought. Thus it could have granted equitable

relief in full, as to only certain claims and defendants, or not at all.

       But what the Court decided on relatedness was not definitive. It concluded only

that SDG’s conduct was “arguably not related,” and that, “[o]n balance,” unclean hands

should not apply to bar a preliminary injunction in favor of SDG. Because I think the

Court erred in its privacy analysis and this—at least in part—informed its decision not to

apply unclean hands, I cannot affirm at this time. See, e.g., Sprint/United Mgmt. Co. v.

Mendelsohn, 
552 U.S. 379
, 386–88 (2008) (where a district court’s decision is reviewed

for abuse of discretion and may stem from underlying error, the proper course is to clarify

the operative legal inquiry and remand unless the record permits only one resolution of

the issue). I would clarify the privacy law issue, vacate and remand, and preserve the

status quo between the parties so the District Court could consider the unclean hands

question within that legal framework.

       Thus I respectfully dissent.




                                               14

Source:  CourtListener

Can't find what you're looking for?

Post a free question on our public forum.
Ask a Question
Search for lawyers by practice areas.
Find a Lawyer