Filed: Feb. 25, 2019
Latest Update: Mar. 03, 2020
Summary: NOT PRECEDENTIAL UNITED STATES COURT OF APPEALS FOR THE THIRD CIRCUIT _ No. 18-2835 _ SCHERER DESIGN GROUP, LLC v. AHEAD ENGINEERING LLC; FAR FIELD TELECOM LLC; KYLE MCGINLEY; DANIEL HERNANDEZ; RYAN WALDRON; CHAD SCHWARTZ Appellants _ Appeal from the United States District Court for the District of New Jersey (D.C. No. 3-18-cv-03540) District Judge: Hon. Anne E. Thompson _ Argued January 7, 2019 _ Before: AMBRO, SHWARTZ, and FUENTES, Circuit Judges. (Filed: February 25, 2019) _ OPINION _ Ronald
Summary: NOT PRECEDENTIAL UNITED STATES COURT OF APPEALS FOR THE THIRD CIRCUIT _ No. 18-2835 _ SCHERER DESIGN GROUP, LLC v. AHEAD ENGINEERING LLC; FAR FIELD TELECOM LLC; KYLE MCGINLEY; DANIEL HERNANDEZ; RYAN WALDRON; CHAD SCHWARTZ Appellants _ Appeal from the United States District Court for the District of New Jersey (D.C. No. 3-18-cv-03540) District Judge: Hon. Anne E. Thompson _ Argued January 7, 2019 _ Before: AMBRO, SHWARTZ, and FUENTES, Circuit Judges. (Filed: February 25, 2019) _ OPINION _ Ronald ..
More
NOT PRECEDENTIAL
UNITED STATES COURT OF APPEALS
FOR THE THIRD CIRCUIT
______________
No. 18-2835
______________
SCHERER DESIGN GROUP, LLC
v.
AHEAD ENGINEERING LLC; FAR FIELD TELECOM LLC; KYLE MCGINLEY;
DANIEL HERNANDEZ; RYAN WALDRON; CHAD SCHWARTZ
Appellants
______________
Appeal from the United States District Court
for the District of New Jersey
(D.C. No. 3-18-cv-03540)
District Judge: Hon. Anne E. Thompson
_____________
Argued January 7, 2019
______________
Before: AMBRO, SHWARTZ, and FUENTES, Circuit Judges.
(Filed: February 25, 2019)
______________
OPINION
______________
Ronald D. Coleman, Esq. [ARGUED]
Brian Block, Esq.
Mandelbaum Salsburg
3 Becker Farm Road
This disposition is not an opinion of the full Court and, pursuant to I.O.P. 5.7,
does not constitute binding precedent.
Suite 105
Roseland, NJ 07068
Counsel for Appellee
David Kistler, Esq. [ARGUED]
Blank Rome
300 Carnegie Center
Suite 220
Princeton, NJ 08540
Michael A. Iannucci, Esq.
Blank Rome
130 North 18th Street
One Logan Square
Philadelphia, PA 19103
Counsel for Appellants
SHWARTZ, Circuit Judge.
Scherer Design Group, LLC (“SDG”), obtained a preliminary injunction that
stopped its former employees, Defendants Daniel Hernandez, Ryan Waldron, Chad
Schwartz, and Kyle McGinley, from contacting SDG’s clients and destroying information
taken from SDG. Defendants assert that SDG surreptitiously monitored Hernandez’s
Facebook activity after he left SDG, and claim this constitutes unclean hands barring
SDG from obtaining equitable relief. Because the Court acted within its discretion in
declining to apply the unclean hands doctrine, we will affirm.
2
I1
SDG is an engineering firm that provides services to wireless carriers and other
vendors in the telecommunications business. Schwartz alleges that he was promised a
partnership in SDG. During discussions about a potential ownership stake, Schwartz
informed SDG that if he did not reach an agreement with SDG, he would start a
competing engineering firm. SDG asked Schwartz to enter a noncompete agreement, but
he declined, and, in November 2017, Schwartz resigned and started two competing
engineering firms, Defendants Ahead Engineering and Far Field Telecom.
Schwartz thereafter recruited Hernandez, McGinley, and Waldron to join his
firms. While Hernandez, McGinley, and Waldron were still employed by SDG, they
(1) discussed their new venture using, at least in part, Facebook, and (2) transmitted
SDG’s documents and information to Schwartz’s firms.
During the 2017 Christmas vacation period, Schwartz accepted a project from one
of SDG’s largest clients, ExteNet, which SDG had allegedly declined because SDG
would be closed through the New Year. Schwartz asked Waldron, who was on vacation
from SDG at the time, to assist him with the project. ExteNet eventually left SDG and
became Schwartz’s client.
Hernandez, McGinley, and Waldron resigned from SDG in January 2018.
Hernandez testified that while he worked at SDG, he accessed his Facebook account from
1
“In an appeal from the grant or denial of a preliminary injunction, we typically
view the facts in the light most favorable to the prevailing party.” Arrowpoint Capital
Corp. v. Arrowpoint Asset Mgmt., LLC,
793 F.3d 313, 316 n.1 (3d Cir. 2015).
3
his SDG laptop, and “would log off sometimes and leave it open sometimes,” but that on
the day he resigned from SDG—at the direction of his co-Defendants—he “closed out of
Facebook” by clearing the history on the internet browsers on his SDG laptop, App. 227,
334 (“I cleared the passwords which logs you out.”).
After the mass resignation and loss of ExteNet as a client, SDG’s network
administrator was instructed to examine Defendants’ SDG computers.2 The
administrator (1) reviewed Hernandez’s browser history using software that allowed him
to access deleted activity, (2) asserts that he accessed Hernandez’s Facebook account
without a password because Hernandez had not cleared it from the computer,3 and
(3) installed software that allowed him to monitor Hernandez’s Facebook activity without
detection. From February through mid-March 2018, the administrator accessed
Hernandez’s Facebook account “very often” from Hernandez’s SDG laptop, App. 210,
and saw messages that revealed Defendants’ plans and the actions that they took to secure
SDG’s client information and other intellectual property.
SDG sent Defendants cease and desist letters, and thereafter filed a complaint in
the New Jersey Superior Court alleging, among other things, breach of the duty of
loyalty, tortious interference with prospective business relationships, and
misappropriation of trade secrets. With the complaint, SDG sought a temporary
2
At the time of Defendants’ employment, SDG had no policies informing
employees that SDG retained the right to monitor their use of SDG computers, and did
not remind departing employees to log out of personal accounts prior to their departure.
3
SDG’s network administrator attempted to review the other Defendants’
browsing histories but was unable to do so “[b]ecause they cleared all of their
information and were logged out of all of their accounts.” App. 221.
4
restraining order (“TRO”) and a preliminary injunction. Defendants removed the case to
the United States District Court for the District of New Jersey.
After granting SDG’s request for a TRO, the District Court allowed the parties to
conduct expedited discovery and then it held argument on SDG’s injunction request.
Defendants produced, among other things, testimony from Hernandez, who insisted that
he logged out of his Facebook account before he returned his computer to SDG, and a
report from a computer forensics expert, who opined that (1) “it is highly unlikely” that
Hernandez’s Facebook account “remained logged on the SDG laptop after January 17,
2018” and (2) SDG accessed the Facebook account using Hernandez’s password. App.
245. In response, SDG produced a supplemental declaration from its network
administrator stating that he did not have Hernandez’s password and that Hernandez
“likely . . . misremembered logging out of his Facebook account” or may have “thought”
he logged out but did not do so because of Facebook’s “persistent” picture login
“feature,” which requires additional steps to completely log out. App. 342-46.
The District Court acknowledged that the parties “hotly dispute” how SDG gained
access to Hernandez’s Facebook account but, without resolving this factual dispute,
determined that the unclean hands doctrine did not bar injunctive relief because (1) it
“may be reasonable” for an employer such as SDG to access password-protected content
on a company laptop; (2) SDG’s conduct “is arguably not related to the litigation”
because “[w]hile it goes to Plaintiff’s full knowledge of the underlying facts,”
Defendants’ alleged breaches of loyalty, tortious interference, and/or trade secret
violations predate SDG’s alleged hacking of Hernandez’s account and SDG’s actions did
5
not “affect” the Defendants’ alleged violations; and (3) “[o]n balance,” the Court was not
persuaded that “unclean hands” should bar SDG’s right to pursue injunctive relief. App.
9. The Court then considered the preliminary injunction factors, determining that SDG
“demonstrated a strong likelihood of success on the merits of its breach of the duty of
loyalty claim” and that SDG would be irreparably harmed without an injunction barring
Defendants from soliciting SDG’s clients and from destroying information taken from
SDG. App. 18-22. Defendants appeal the Court’s decision not to apply the unclean
hands doctrine.
II4
The unclean hands doctrine is “derived from the unwillingness of a court,
originally and still nominally one of conscience, to give its peculiar relief to a suitor who
in the very controversy has so conducted himself as to shock the moral sensibilities of the
judge.” Gaudiosi v. Mellon,
269 F.2d 873, 882 (3d Cir. 1959) (quotation marks and
citation omitted). The doctrine “applies when a party seeking relief has committed an
unconscionable act immediately related to the equity the party seeks in respect to the
litigation.” Highmark, Inc. v. UPMC Health Plan, Inc.,
276 F.3d 160, 174 (3d Cir. 2001)
4
The District Court had jurisdiction over SDG’s claims against Defendants. 28
U.S.C. §§ 1331, 1367. We have jurisdiction to review the Court’s order granting a
preliminary injunction under 28 U.S.C. § 1292(a). The decision to grant or deny a
preliminary injunction is within the sound discretion of the district court. Winter v. Nat.
Res. Def. Council, Inc.,
555 U.S. 7, 24, 33 (2008). “Ordinarily, an abuse of discretion
standard applies to our review of the district court’s application of the unclean hands
doctrine. However, the parameters of the unclean hands doctrine implicate a matter of
law,” Ne. Women’s Ctr., Inc. v. McMonagle,
868 F.2d 1342, 1354 (3d Cir. 1989), which
we review de novo, K.A. ex rel. Ayers v. Pocono Mountain Sch. Dist.,
710 F.3d 99, 105
(3d Cir. 2013).
6
(citing Keystone Driller Co. v. Gen. Excavator Co.,
290 U.S. 240, 245 (1933)). Thus, a
party seeking to invoke the doctrine must show: (1) the party seeking equitable relief
committed an unconscionable act; and (2) the act is related to the claim upon which
equitable relief is sought.5
The unclean hands doctrine “is not an automatic or absolute bar to relief; [rather,]
it is only one of the factors the court must consider when deciding whether to exercise its
discretion and grant an injunction.” 11A Charles Alan Wright & Arthur R. Miller,
Federal Practice and Procedure § 2946 (3d ed. 1998) (citing Johnson v. Yellow Cab
Transit Co.,
321 U.S. 383, 387 (1944) (explaining that the unclean hands doctrine “is not
a rigid formula which ‘trammels the free and just exercise of discretion’”); Shondel v.
McDermott,
775 F.2d 859, 868 (7th Cir. 1985) (“Today, ‘unclean hands’ really just
means that in equity as in law the plaintiff’s fault, like the defendant’s, may be relevant to
the question of what if any remedy the plaintiff is entitled to.”); and Houston Oilers, Inc.
v. Neely,
361 F.2d 36 (10th Cir. 1966)). Thus, a court retains the discretion to grant
equitable relief even where the elements of the unclean hands doctrine are met. See
Johnson, 321 U.S. at 387 (explaining that while “a federal court should not, in an
ordinary case, lend its judicial power to a plaintiff who seeks to invoke that power for the
purpose of consummating a transaction in clear violation of law” courts need not “always
permit a defendant wrongdoer to retain the profits of his wrongdoing merely because the
plaintiff himself is possibly guilty of transgressing the law in the transactions involved”);
5
Under our jurisprudence, proof of injury is not required. See, e.g., In re New
Valley Corp.,
181 F.3d 517, 526 (3d Cir. 1999) (citing
Gaudiosi, 269 F.2d at 881-82).
7
In re New Valley Corp.,
181 F.3d 517, 525 (3d Cir. 1999) (even where there is a
“relationship between the inequitable conduct and the claims brought . . . the court has
discretion to limit the reach of the doctrine”).
Even if SDG’s monitoring of Hernandez’s Facebook constituted the kind of act
that would be viewed as unconscionable,6 the District Court did not err in concluding the
6
“To prevail on an unclean hands defense, the defendant must show fraud,
unconscionability, or bad faith on the part of the plaintiff.” S & R Corp. v. Jiffy Lube
Int’l, Inc.,
968 F.2d 371, 377 n.7 (3d Cir. 1992). The misconduct, however, “need not
necessarily have been of such a nature as to be punishable as a crime or as to justify legal
proceedings of any character. Any willful act concerning the cause of action which
rightfully can be said to transgress equitable standards of conduct is sufficient cause for
the invocation of the maxim . . . .” Monsanto Co. v. Rohm & Haas Co.,
456 F.2d 592,
598 (3d Cir. 1972). Because showing unclean hands requires two elements, establishing
that an act is illegal or “transgress[es] equitable standards” is a necessary but insufficient
condition for the doctrine’s application. See Ciba-Geigy Corp. v. Bolar Pharm. Co.,
747
F.2d 844, 855 (3d Cir. 1984) (holding unclean hands did not preclude injunction because
plaintiff’s alleged regulatory violations did “not implicate transgressions so egregious as
to merit the preclusion of an injunction” against manufacturer of generic drug found to
have violated trademark laws).
Because the District Court did not clearly err by disposing of the unclean hands
argument on relatedness grounds, we need not decide whether SDG violated New Jersey
privacy law because the alleged “violation is at most collateral” to the causes of action
“involved in this lawsuit.” See Ne. Women’s
Ctr., 868 F.2d at 1353. In any event, our
dissenting colleague’s discussion about privacy and computers mistakenly asserts that
(1) an employer may only access personal password-protected content that an employee
viewed on a work computer “so long as the employer’s policies clearly communicate[]
that such content may be monitored,” Dissent Op. at 3, and (2) “mere use of a password
to protect an account or files generally conveys a clear intent to prevent others’ access,”
Dissent Op. at 6-7. The first point overstates the holding of Stengart v. Loving Care
Agency, Inc.,
990 A.2d 650 (N.J. 2010). In that case, the New Jersey Supreme Court
held that an employee who “plainly took steps to protect privacy of . . . emails” she sent
to her attorney through a third-party program on her company laptop, had a reasonable
expectation of privacy in those emails.
Id. at 663, 664. The Stengart Court found that the
employee had (1) a subjective expectation of privacy based on her own affirmative
actions to protect her privacy, and (2) an objective expectation of privacy based on the
attorney-client nature of the communications and the company’s electronic
communications policy, which did not discuss the use of personal accounts on company
8
conduct was not related to the claim upon which equitable relief was sought. For the
unclean hands doctrine to apply, “there must be a relationship between the inequitable
conduct and the claims brought before the court.” New Valley
Corp., 181 F.3d at 525
(citations omitted). In describing the “relationship” element, we have said that the
unclean hands doctrine will bar recovery when such conduct “has immediate and
necessary relation” to the equity sought.
Id. (quoting Keystone, 290 U.S. at 245). Thus,
the doctrine “only applies when there is a direct nexus between the bad conduct and the
activities sought to be enjoined.” Id.; see also Ne. Women’s Ctr., Inc. v. McMonagle,
868 F.2d 1342, 1354, 1356 (3d Cir. 1989) (reversing district court’s determination that
unclean hands precluded issuance of injunction in favor of plaintiff women’s health clinic
because a physician’s failure to comply with state fetal tissue inspection law had no
relationship with defendant antiabortion protesters’ liability under the RICO, contract
interference, and trespass counts); Ciba-Geigy Corp. v. Bolar Pharm. Co.,
747 F.2d 844,
855-56 (3d Cir. 1984) (affirming grant of permanent injunction and rejection of unclean
computers.
Id. at 663-64. The presence of a policy was a consideration but certainly was
not dispositive.
Id. at 662-63. Indeed, the Stengart Court emphasized the plaintiff’s
affirmative actions to protect her privacy on her work computer, including by not saving
her personal account password on it.
Id. at 663, 665. Stengart is also distinguishable
from this case because Stengart involved emails to plaintiff-employee’s attorney and this
case involves review of browsing history on SDG’s computer, where there is a lesser
expectation of privacy. Liebeskind v. Rutgers Univ., No. A-0544-12T1,
2014 WL
7662032, at *7 (N.J. Super. Ct. App. Div. Jan. 22, 2015) (“The browsing history on
plaintiff’s workplace computer does not hold the same expectations of privacy that emails
to an attorney hold.”). The second point is based on a collection of various cases from
outside New Jersey that do not involve employees’ work computers, or the employers’
access to personal accounts the employee accessed from his work computer, or
circumstances where the employee saved login information on the employer’s computers.
9
hands argument where “the alleged wrongdoings [did] not relate to the subject matter of
[the] claim”); Monsanto Co. v. Rohm & Haas Co.,
456 F.2d 592, 598 (3d Cir. 1972)
(applying unclean hands doctrine to bar equitable remedies in patent infringement case
where patents at issue were procured through misrepresentations in the patent
application).7
“Unless courts insist on a tight connection between the object of the injunction and
the misconduct of the plaintiff . . . . the right to injunctive relief . . . would have little
value [and] the defendant could divert the proceeding into the byways of collateral
misconduct.”
Shondel, 775 F.2d at 869. Such misdeeds are “‘collateral’ . . . when the
right for which the plaintiff seeks protection in the injunction suit did not accrue to him
because of the misdeed.” Restatement (Second) of Torts § 940 cmt. c (Am. Law Inst.
1979).
The District Court applied these legal principles and declined to invoke the
unclean hands doctrine because SDG’s access of Hernandez’s Facebook account “does
7
We have also described the “relationship” element in somewhat looser terms.
See, e.g., Precision Instrument Mfg. Co. v. Auto. Maint. Mach. Co.,
324 U.S. 806, 814-
15 (1945) (“[W]hile equity does not demand that its suitors shall have led blameless
lives, as to other matters, it does require that they shall have acted fairly and without
fraud or deceit as to the controversy in issue.”) (quotation marks and citations omitted)
(emphasis added)). Regardless of the phrasing, each articulation has a common thread:
the doctrine applies only where the unclean “conduct relat[es] to the matter in litigation,”
Ne. Women’s
Ctr., 868 F.3d at 1355, and “[t]he nexus ‘between the misconduct and the
claim must be close,’”
Highmark, 276 F.3d at 174 (quoting New Valley
Corp., 181 F.3d
at 525). The fact that a different framing of the relationship element is possible and the
District Court chose a narrower articulation does not mean that the Court erred. See
Hohe v. Casey,
868 F.2d 69, 70 (3d Cir. 1989).
10
not affect the potential breaches of loyalty, tortious interference, and/or trade secret
violations that are the subject of the litigation and which occurred prior to Plaintiff’s
alleged hacking of Hernandez’s account.” App. 9. This conclusion was sound for three
reasons. First, SDG did not dirty its hands to “acquire[ the] rights” it asserts in its
complaint. S. Cal. Darts Ass’n v. Zaffina,
762 F.3d 921, 933 (9th Cir. 2014); see also
Restatement (Second) of Torts § 940 cmt. c (“equity will not aid a person to reap the
benefits of his own misconduct”). Unlike a patent holder who obtains patent rights based
upon a fraudulent patent application,
Monsanto, 456 F.2d at 598, SDG did not monitor
Hernandez’s Facebook account so it could obtain a right that SDG did not otherwise
have. Defendants owed a duty of loyalty to SDG long before the Facebook monitoring
occurred.
Second, while SDG obtained proof of its duty of loyalty claim from its
monitoring, and thus it benefitted from its activity, SDG had a right to Defendants’
loyalty and could prove their breach of that duty without relying on the surreptitiously
obtained Facebook messages.8 Put differently, SDG’s alleged misconduct has a link with
Defendants’ breach of loyalty claim insofar as SDG’s conduct led it to proof of its duty of
loyalty claim, see App. 52 (Verified Compl. ¶ 75 (“To the extent these discussions
referred to downloads by Hernandez, McGinley and Waldron from the SDG computer
network, SDG was able to corroborate virtually all of them with the removal of portable
storage devices such as flash drives from users’ computers as logged by the auditing
8
That said, the Facebook messages would have been discoverable.
11
function of SDG’s Windows domain operating system.”)), but this conduct did not give
rise to the claim upon which SDG seeks relief. Thus, SDG’s monitoring of the Facebook
messages is not related to “whether [Defendants], at some earlier point, stole [SDG’s]
property.” Sullens v. Graham, No. 14 CV 866,
2014 WL 6765138, at *2 (N.D. Ill. Dec.
1, 2014).
Third, SDG’s alleged privacy violation and Defendants’ alleged breach of the duty
of loyalty are causes of action “governed by distinct bodies of law that provide their own
separate remedies for misconduct.”9 Intertek USA Inc. v. AmSpec, LLC, No. 14 CV
6160,
2014 WL 4477933, at *7 (N.D. Ill. Sept. 11, 2014).
In sum, because relatedness is a “critical element of the unclean hands doctrine,”
New Valley
Corp., 181 F.3d at 524, and SDG’s allegedly unclean conduct is not directly
related to Defendants’ breach of the duty of loyalty, the District Court did not abuse its
discretion in declining to apply the unclean hands doctrine to deny SDG’s request for
equitable relief.
III
For the foregoing reasons, we will affirm.
9
Not only is the law distinct but the impact of the alleged conduct differs. Unlike
SDG’s Facebook monitoring, which has ceased, Defendants’ alleged theft of SDG’s
client information and other intellectual property could result in future economic harm.
12
AMBRO, Circuit Judge, dissenting
The District Court’s decision to issue a preliminary injunction preventing SDG’s
former employees from communicating with SDG clients or using SDG documents might
be the correct outcome in this case. And if, as my colleagues conclude, the Court
determined that SDG’s conduct was not sufficiently related to trigger unclean hands, I
agree affirmance may be appropriate. But because I am not sure it made such a
determination, and I think its privacy analysis is faulty, I am uncomfortable affirming at
this time.
Unclean hands law prevents injunctive relief to one who otherwise would merit it.
Inequity cancels out equity. Under our precedent, unclean hands applies when (1) the
conduct of one seeking to enjoin another offends the court’s conscience and (2) “in some
measure affect[s] the equitable relations between the parties in respect of something
brought before the court for adjudication[, which typically goes by the term relatedness].”
Highmark, Inc. v. UPMC Health Plan, Inc.,
276 F.3d 160, 174 (3d Cir. 2001) (quoting
Keystone Driller Co. v. General Excavator Co.,
290 U.S. 240, 245 (1933)). We
ordinarily review an unclean hands ruling for abuse of discretion, but conduct plenary
review of a district court’s offensiveness and relatedness determinations to the extent they
implicate a matter of law. Ne. Women’s Ctr., Inc. v. McMonagle,
868 F.2d 1342, 1353–
54 (3d Cir. 1989).
The District Court observed that SDG’s “conduct is arguably not related to the
litigation to find unclean hands. While it goes to [SDG’s] full knowledge of the
underlying facts, it does not affect the potential breaches of loyalty, tortious interference,
and/or trade secret violations that are the subject of the litigation and which occurred
prior to [SDG’s] alleged hacking of Hernandez’s account.” App. at 9. Though the Court
notes that this is “arguably” correct, it is not definitive. I have the same lack of certainty.
For offensiveness, however, I part ways with the District Court and my colleagues.
The Court states that “it may be reasonable and does not necessarily amount to an
intrusion upon seclusion for an employer to have access to and view password-protected
content on a company laptop.” Id.1 I believe an incorrect view of New Jersey privacy law
affected the Court’s thinking as to whether SDG’s conduct—including accessing a
former employee’s password-protected PNC bank account and actively monitoring his
Facebook Messenger account—is offensive.
Reasonable minds can interpret differently the Court’s ruling that, “[o]n balance,
[it] is not persuaded that Plaintiff’s ‘unclean hands’ should bar its right to pursue
injunctive relief.”
Id. But if its privacy analysis to get to that conclusion misses the
mark, a redo is in order. Hence I write separately to explain why I believe it is unlawful
1
The opinion also refers to a discussion at the April 3 oral argument, which likewise
shows the Court is very skeptical that SDG’s conduct is concerning.
MR. KISTLER: . . . . Your Honor, they continued to monitor and look at
these communications after all of these individuals left the company on
January 18th for another six weeks.
THE COURT: Of course they would. Why wouldn’t they?
MR. KISTLER: Because it’s illegal I would submit, Your Honor.
THE COURT: I’m not at all persuaded of that. . . .
Apr. 3, 2018 TRO Tr. at 43:11–44:3 (emphases added).
2
to access a former employee’s password-protected bank account and actively monitor his
private digital communications months after he resigned.
I. SDG’s access of Hernandez’s accounts was unlawful and offensive conduct
A. Employer monitoring under New Jersey Law
The District Court cites to Stengart v. Loving Care Agency, Inc.,
990 A.2d 650
(N.J. 2010), to support its view that SDG’s conduct “may be reasonable and does not
necessarily amount to an intrusion upon seclusion.” App. at 9. I don’t read Stengart that
way. It held that an employer may not view password-protected attorney-client emails
that an employee sent from a company computer and which it subsequently
recovered.
990 A.2d at 665. In so ruling, the Court stated not only that the computer-use policy of
the employer failed to disclose the monitoring of employee activities on company
computers,
id. at 659, but also concluded that these emails would still be privileged and
access to them unenforceable even if the company had such a policy,
id. at 665. The
employee in Stengart had a subjective expectation of privacy in her use of personal,
password-protected accounts on her company laptop and an “objectively reasonable
expectation” of privacy based on “the language of the Policy and the attorney-client
nature of the communications.”
Id. at 663.
Though SDG accessed content that was not attorney-client privileged, it was
clearly private. SDG accessed that content not by recovering from Hernandez’s company
computer copies of the messages he viewed or sent but rather by infiltrating his personal,
password-protected accounts. In other words, SDG went on an external fishing
expedition rather than merely conducting a review of activity on its own physical assets.
3
Stengart, 990 A.2d at 665. And SDG also didn’t have any policies disclosing its
monitoring practices.2 Thus nothing in Stengart nor any subsequent New Jersey case
suggests SDG’s conduct is permissible.
SDG concedes these facts. Its head of Information Technology, Jason
Gerstenfeld, reviewed the browser history from Hernandez’s old SDG laptop roughly a
month after Hernandez resigned. While viewing it, Gerstenfeld clicked on links to many
of Hernandez’s personal, password-protected, and off-premises accounts. He
successfully bypassed the log-in requirements for three of them: Hernandez’s personal
PNC Bank Account, his Dropbox account (associated with his SDG email), and his
Facebook Messenger account. From February 15 through March 15, Gerstenfeld and
SDG’s founder, Glenn Scherer, monitored many times a day Hernandez’s Facebook
Messenger activity, which is both password-protected and end-to-end encrypted. To
repeat, SDG had no computer-use policies disclosing that the company might monitor
employee activity on its computers or access personal accounts of employees after they
left the company.
2
Indeed, a non-precedential New Jersey Superior Court case interpreting Stengart
suggests that even a clear policy may not permit an employer to retrieve and view
password-protected personal communications or accounts that the employee accessed on
a work computer. In Liebeskind v. Rutgers Univ., No. A-0544-12T1,
2014 WL 7662032,
at *7 (N.J. Super. Ct. App. Div. Jan. 22, 2015), the Court held that an employee lacked an
expectation of privacy in his non-password-protected browsing history on his company
computer where Rutgers had a clear policy that it “reserve[d] the right to examine
material stored on or transmitted through its facilities.” The Court emphasized, however,
that, “[i]mportantly, there is no competent evidence that defendants tried to access the
content of personal, password-protected emails or personal accounts.”
Id.
4
This conduct surely is beyond the scope of permissible conduct that Stengart
recognizes. SDG infiltrated password-protected accounts hosted on third-party servers
and networks without any authorization. It had no connection to or right to view the
information in these private accounts (except through the traditional discovery process,
which has procedural safeguards on information acquisition and use). And neither the
parties nor my colleagues can identify any authority under New Jersey law that suggests a
mere computer-use policy may permit a company to acquire password-protected
information not already stored on a company computer.
B. Access to personal, password-protected accounts as intrusions upon seclusion
A traditional intrusion analysis leads me to believe that SDG’s conceded conduct
is tortious. Under New Jersey law, the elements of a privacy claim based on intrusion
upon seclusion are (1) intentional conduct that (2) intrudes into a private space and (3) is
“highly offensive” to a reasonable person. In re Nickelodeon Consumer Privacy Litig.,
827 F.3d 262, 293 (3d Cir. 2016) (citing Hennessey v. Coastal Eagle Point Oil Co.,
609
A.2d 11, 17 (1992)). Let’s look at each element.
i. Intentional conduct
A person acts intentionally if he knows he lacks either legal or personal permission
to intrude into a private space.
Id. (citing O’Donnell v. United States,
891 F.2d 1079, 1083
(3d Cir. 1989)). In other words, if an intruder searches another’s private space and is
uncertain whether her search is lawful but knows it was without consent, the intruder acts
intentionally.
Id. As Hernandez never gave his permission for SDG to access his
password-protected accounts, it acted intentionally.
5
ii. Intrusion into private space
An intrusion must invade a private space, meaning the victim must have a
reasonable expectation of privacy in the intruded space. Kline v. Sec. Guards, Inc.,
386
F.3d 246, 260 (3d Cir. 2004) (citing Restatement (Second) of Torts § 652B).3 Individuals
have a reasonable expectation of privacy in password-protected online accounts and
communications. See, e.g., United States v. Stabile,
633 F.3d 219, 233 (3d Cir. 2011)
(observing that employing a password on a shared computer can protect a user’s privacy
rights vis a vis a third-party to whom a co-owner grants access); Trulock v. Freeh,
275 F.3d
391, 403 (4th Cir. 2001) (“Trulock’s password-protected files are analogous to the locked
footlocker inside the bedroom. By using a password, Trulock affirmatively intended to
exclude Conrad and others from his personal files.”).
A cursory review of our sister circuits shows that the mere use of a password to
protect an account or files generally conveys a clear intent to prevent others’ access. This
preserves a user’s reasonable expectation of privacy as to the bypassing intruder. See, e.g.,
United States v. Thomas,
818 F.3d 1230, 1241–42 (11th Cir. 2016) (stating that use of a
separate, unshared password or encryption will preserve a user’s expectation of privacy as
to a third party who happens to access the account); United States v. Heckenkamp,
482 F.3d
1142, 1146–47 (9th Cir. 2007) (concluding that a student’s use of a “screen-saver
3
While Kline applies Pennsylvania law, we have observed that “[s]ince the highest
courts of both New Jersey and Pennsylvania have looked to the same treatise, we are
comfortable adopting” the same standards in the intrusion context.
Nickelodeon, 827
F.3d at 293 n.194.
6
password” preserved his objective and subjective expectations of privacy); United States
v. Andrus,
483 F.3d 711, 719 (10th Cir. 2007) (ruling that a user retains an expectation of
privacy in a computer where the password’s protections are bypassed so long as the
bypasser reasonably knew the account was password-protected).
What if Hernandez hadn’t cleared his browser history? He attests that he did, but
would it matter if he forgot or simply had no way to stop however SDG accessed his
accounts?4 No, for borrowing a person’s jacket and discovering a notecard with
handwritten passwords to an email or bank account does not make the information on those
accounts any less private. In the intrusion context, mere lapses of mind or capacity are
insufficient to waive a privacy interest in password-protected accounts. See K-Mart Corp.
Store No. 7441 v. Trotti,
677 S.W.2d 632, 638 (Tex. App. 1984) (where an employer
intrudes upon an employee’s seclusion by searching her locked locker, “it is immaterial
whether the [employee] actually securely locked her locker or not”) (emphasis added); see
also, e.g., Hernandez v. Hillsides, Inc.,
211 P.3d 1063, 1076 (Cal. 2009) (employees
maintain reasonable expectations of privacy from covert monitoring even though
“colleagues, supervisors, visitors, and security and maintenance personnel have varying
degrees of access” to shared office).
4
SDG’s forensic report suggests that Hernandez did delete his browser history, but that
local files stored on the SDG system gave SDG a backdoor way into his account. “Given
the volume and granularity of Internet History records, cached web pages, form fill data,
and file access information, available in [SDG’s local] dhernandez user profile, efforts to
clear the Internet History were unsuccessful[,] leaving session cookies, login information,
and other cached data available for another user.” App. at 381 (emphasis added). The
record does not address whether Hernandez could view or delete these files.
7
Stengart aligns with these principles. SDG used a former employee’s browsing
history to access and actively monitor his external, password-protected accounts. This is
an intrusion into private space.
iii. Highly offensive
An intentional intrusion into a private space must also be highly offensive to a
reasonable person, a determination usually made by juries. See, e.g.,
Nickelodeon, 827
F.3d at 295; In re Google Inc. Cookie Placement Consumer Privacy Litig.,
806 F.3d 125,
151 (3d Cir. 2015). When pressed, as here, to articulate whether an intrusion is highly
offensive as a matter of law, courts generally balance interests. See, e.g., Borse v. Piece
Goods Shop, Inc.,
963 F.2d 611, 625 (3d Cir. 1992) (predicting the Pennsylvania
Supreme Court would consider all facts surrounding a drug screening program and weigh
the employee’s privacy interest against the employer’s interest in maintaining a drug-free
workplace); Safari Club Int’l v. Rudolph,
862 F.3d 1113, 1127 (9th Cir. 2017) (holding
that under California law an intrusion is highly offensive if it satisfies a balancing test
with relevant factors that include “the degree and setting of the intrusion[] and the
intruder’s motives and objectives”).
From my review of the conceded facts, I conclude that SDG’s conduct was highly
offensive given the types of information accessed along with the manner of its intrusions.
And, to make matters worse, SDG had a way through discovery to acquire legally all
information relevant to its former employees’ alleged misconduct.
8
a. Type of information accessed
The Second Restatement of Torts lists unconsented access to private
correspondence, bank accounts, and safes as examples of highly offensive intrusions. See
Restatement (Second) of Torts § 652B cmt b (explaining that tortious intrusions are
committed, for example, “as by opening his private and personal mail, searching his safe
or his wallet, examining his private bank account, or compelling him by forged court order
to permit an inspection of his personal documents”). Indeed, SDG’s access of Hernandez’s
private bank account appears to violate the Computer Fraud and Abuse Act. See, e.g., 18
U.S.C. § 1030 (a)(2)(A), (c)(2)(A) (providing for fines and imprisonment of not more than
one year for anyone who “intentionally accesses a computer without authorization or
exceeds authorized access, and thereby obtains . . . information contained in a financial
record of a financial institution . . . .”); United States v. Tolliver, 451 F. App’x 97, 103 (3d
Cir. 2011).5
The personal communications here were private and must not be viewed absent
legal mandate or clear and knowing consent by the sender or a named recipient. Today
private communications are perhaps the most common way for people to build authentic
relationships, share intimate facts, and expose to another ideas or habits that are works in
progress.6 Private communications are also critical to human organization. People use
5
Federal statutes, not implicated here, also criminalize unauthorized access to personal
communications. See, e.g., 18 U.S.C. § 1702 (unconsented access to another’s mail); 18
U.S.C. §§ 2511(1), (4)–(5) (interception of another’s electronic communications).
6
For this reason, private communications have been a particular concern since the
privacy movement began in the United States. See, e.g., Samuel D. Warren & Louis D.
9
private messages to plan and advance commercial opportunities (as we see here), political
campaigns, and academic research, to name a few. Permitting third parties to monitor
private communications without clear permission or legal authorization poses grave and
profound risks to a free society.
b. The manner of SDG’s intrusion
The way SDG intruded—with covert, sustained, and overbroad monitoring of its
former employees’ communications—is also highly concerning. It took steps to obscure
its monitoring when Gerstenfeld installed the application “fbunseen,” which permitted the
company to review Hernandez’s Facebook Messenger conversations without the other
participants knowing.
Once in the account, SDG’s search for useful information lasted roughly a month.
Both alongside Scherer and on his own, Gerstenfeld monitored Hernandez’s Facebook
messages many times a day for a month. He continued to monitor actively Hernandez’s
Facebook Messenger account until March 15, roughly a week after SDG filed suit.
Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890) (“The common law secures to
each individual the right of determining, ordinarily, to what extent his thoughts,
sentiments, and emotions shall be communicated to others”); Millar v. Taylor, 4 Burr.
2303, 2379 (1769) (“It is certain every man has a right to keep his own sentiments, if he
pleases. He has certainly a right to judge whether he will make them public, or commit
them only to the sight of his friends.”); see also Bradley A. Areheart & Jessica L.
Roberts, GINA, Big Data, and the Future of Employee Privacy, 128 Yale L.J. 710, 779
(2019) (“Privacy has independent moral value because it allows us to define our
relationships through what we keep secret and what we disclose. . . . With respect to
intrinsic privacy harms, the detriment is the invasion itself, regardless of whether the
intruder actually acts on that information.”) (citations omitted).
10
And nothing in the record suggests the scope of SDG’s review and acquisition of
Hernandez’s communications was narrow. SDG snooped on conversations between
Hernandez and other friends not related to this litigation. SDG also does not dispute the
account of Chad Schwartz, one of the ventures’ founders, who declared under penalty of
perjury that it reviewed and downloaded privileged attorney communications from
Hernandez’s account. From the breadth and duration of the search, we may fairly infer
that SDG looked for any information that might be useful to its investigation and litigation,
its awareness of its competitors’ commercial strategies, or gaining understanding of their
founders’ activities. This monitoring is offensive to anyone’s reasonable expectation of
privacy.
c. SDG didn’t need to act so brazenly
We have litigation to resolve disputes by a legal process, which includes discovery.
And indeed SDG had expedited discovery. And yet for SDG that wasn’t enough. To the
extent Hernandez’s accounts held relevant information, I repeat that this information
should only have come to light through discovery rather than prior misconduct.
Balancing the interests here, I have no doubt that SDG’s conduct was sufficiently
offensive for purposes of an unclean hands inquiry.
II. Relatedness
That conduct is unlawful or otherwise offensive to the court’s conscience does not
mean unclean hands necessarily bars equitable relief. It must also bear a sufficient
relationship to either the litigation or claims for equitable relief. As implied above, I
11
think the District Court could have concluded that SDG’s conduct was not related to the
equitable relief it sought. Or it could have ruled the other way.
Our Court has described the relatedness requirement in various ways over the
years. From my review, the three articulations we have most frequently endorsed are:
1. That courts “close their doors” “only for such violations of conscience as in
some measure affect the equitable relations between the parties in respect of
something brought before the court for adjudication.’” Highmark, Inc. v.
UPMC Health Plan, Inc.,
276 F.3d 160, 174 (3d Cir. 2001) (quoting
Keystone,
290 U.S. at 245).
2. That there must be an “‘immediate and necessary relation to the equity that’
the party seeks.” In re New Valley Corp.,
181 F.3d 517, 525 (3d Cir. 1999)
(citing
Keystone, 290 U.S. at 245).
3. That “the nexus ‘between the misconduct and the claim must be close.’”
Highmark, 276 F.3d at 174 (quoting In re New Valley
Corp., 181 F.3d at 525).
This is not an exhaustive list, and we are not alone in recognizing many standards
of relatedness, a practice that dates back over a century. See generally Pomeroy, Equity
Jurisprudence §§ 397, 399–403 (5th ed. 2002) (discussing the broad principles that
govern unclean hands, its limitations, and distinct analyses in various contexts). As the
majority notes, “that a different framing of the relationship element is possible and the
District Court chose a narrower articulation does not mean that the Court erred.”
Majority Op. at 10 n.7. I would only add “necessarily” before “mean.”
In its ruling, the District Court applied a two-part test—to be related, the plaintiff’s
conduct must (1) “bear direct relation to the matter in litigation/before the Court . . . [and
(2)] affect the balance of equities.” SDG includes in its complaint snapshots of
Hernandez’s private messages. This satisfies the first requirement. The second
12
requirement is vague by design and gives district courts discretion to determine when
misconduct, already connected to the litigation, is sufficiently related for unclean hands
to bar equitable relief. See, e.g., Keystone Driller Co. v. Gen. Excavator Co.,
290 U.S.
240, 245–46 (1933) (“[Courts] do not close their doors because of plaintiff’s misconduct,
whatever its character, that has no relation to anything involved in the suit, but only for
such violations of conscience as in some measure affect the equitable relations between
the parties in respect of something brought before the court for adjudication. . . . They
are not bound by formula or restrained by any limitation that tends to trammel the free
and just exercise of discretion.”). Thus the District Court could conclude that SDG’s
conduct affected the balance of the equities between the parties.
One way this is possible is if the Court found that the similarity of SDG’s conduct
to the conduct it challenges affected the balance of equities between the parties—in
effect, “a pox on both their houses.” The Court stated that Defendants’ acquisition of
SDG documents is the central basis for the lone claim triggering a preliminary injunction
(a breach of New Jersey’s duty of loyalty). SDG responded to this activity by accessing
Hernandez’s external, password-protected accounts and taking information related to
him, SDG’s new competitors, and their founders. Thus both parties unlawfully acquired
from the other information relevant to their competing businesses. Further, each also
“abused” Hernandez’s relationship with SDG: Hernandez used his employment to
acquire SDG information; SDG used Hernandez’s activity as an employee to acquire his
information. Given these similarities, I think the District Court could have concluded
13
that SDG’s conduct affected the balance of equities between the parties. See Ciba-Geigy
Corp. v. Bolar Pharm. Co.,
747 F.2d 844, 855 (3d Cir. 1984).
Though SDG’s conduct was offensive and highly so, the District Court here was
within its discretion to rule either way as to whether SDG’s access to private accounts
was related to the equitable remedies it sought. Thus it could have granted equitable
relief in full, as to only certain claims and defendants, or not at all.
But what the Court decided on relatedness was not definitive. It concluded only
that SDG’s conduct was “arguably not related,” and that, “[o]n balance,” unclean hands
should not apply to bar a preliminary injunction in favor of SDG. Because I think the
Court erred in its privacy analysis and this—at least in part—informed its decision not to
apply unclean hands, I cannot affirm at this time. See, e.g., Sprint/United Mgmt. Co. v.
Mendelsohn,
552 U.S. 379, 386–88 (2008) (where a district court’s decision is reviewed
for abuse of discretion and may stem from underlying error, the proper course is to clarify
the operative legal inquiry and remand unless the record permits only one resolution of
the issue). I would clarify the privacy law issue, vacate and remand, and preserve the
status quo between the parties so the District Court could consider the unclean hands
question within that legal framework.
Thus I respectfully dissent.
14