JOHN A. ROSS, District Judge.
This matter is before the Court on Defendant Avid Dating Life Inc.'s Motion for Protective Order Precluding Use of Stolen Documents by Plaintiffs or their Counsel. (Doc. No. 115) The motion is fully briefed and ready for disposition.
In July 2015, a group calling itself "The Impact Team" hacked into the Ashley Madison website and threatened to expose the identities of Ashley Madison's users if its parent company, Avid, did not shut down the site. Customer records and company data were released on the internet in a series of "data dumps" after the site was not shut down pursuant to the hackers' demands. According to Avid, the hacked documents include personal information related to users of the Ashley Madison website, records of millions of credit card transactions dating to 2008, and internal company documents, including communications between Avid and its counsel. Plaintiffs assert that for purposes of drafting their consolidated amended complaint, they intend to use news articles discussing and, in some cases, quoting those documents, but not any of the original documents leaked in the data breach. (Doc. No. 130 at 2-3) Avid moves this Court to issue a protective order prohibiting Plaintiffs and their counsel from using the stolen documents for any purpose, including, but not limited to, the drafting of their consolidated class action complaint or any other future pleading, and requiring Plaintiffs and their counsel to destroy all copies of the stolen documents they possess, as well as any attorney-work product that quotes or describes the contents of the stolen documents. (Doc. No. 115 at 2)
As a threshold matter, Plaintiffs question the Court's authority to issue a Rule 26 protective order with respect to documents obtained outside the normal discovery process, citing
Federal trial courts have, however, recognized an "inherent equitable power" to regulate the use or disclosure of information improperly obtained outside the discovery process.
Courts have considerable discretion in choosing an appropriate remedy under this inherent authority,
In sum, although the Court's authority to issue a Rule 26 protective order may be limited where evidence is obtained outside of this Court's discovery process, the Court has the inherent equitable authority to issue an order addressing Plaintiffs' expressed intention to use the documents at issue in this case or reports of the documents. The Court now turns to Avid's motion.
In support of its motion, Avid argues that the use of stolen documents is improper under federal and state case law, the Rules of Professional Conduct, and ethics opinions interpreting those rules. (Doc. No. 116 at 6-9; Doc. No. 131 at 8-9) (citing 69 Am. Jur. Trials 411 § 30 (1998); American Law Institute — American Bar Association Continuing Legal Education, Corporate Internal Investigations — Legal Privileges and Ethical Issues in the Employment Law Context, SF42 ALI-ABA 927, 950 (Feb. 2001) ("Of all the ethical issues discussed in this article, this is perhaps the most clear cut. Use by counsel of stolen documents and materials, obtained either during the course of a pre-litigation investigation or during the course of a pending action, either by counsel directly or by the client and the attorney knows they are stolen, is a violation of the ethical rules."); Ethics in Adversarial Practice, 69 Am. Jur. Trials 411 § 30 (1998) ("[m]ost jurisdictions agree that `tainted' materials, in other words, those that were taken illegally or improperly obtained (as distinguished from inadvertent receipt), may not be used by a lawyer"); Iowa Practice Series, Lawyer and Judicial Ethics, § 8:4(d)(3) ("When a lawyer receives confidential materials that he or she has reason to believe were taken from another party by a person who did not have authority to remove the documents or waive confidentiality, the lawyer may not deliberately conceal, retain, or use those stolen documents to the disadvantage of that other party"). The underlying rationale is the same whether or not the attorney wrongfully obtained the documents, that is, as officers of the court, attorneys should not possess and use property they know was stolen from the opposing party to that party's detriment. (Doc. No. 116 at 2)
In response, Plaintiffs argue there is no basis for requiring the return of the information obtained or prohibiting its use to advance their case because the documents are not protected by any privilege, are not confidential, and because neither Plaintiffs nor their counsel were involved in any wrongdoing in obtaining the information in the first instance. (Doc. No. 130 at 10-14) Plaintiffs contend that all of the documents, including Avid's internal business documents and documents involving communications between Avid and its counsel, have been published on the internet and in news articles reporting on the data breach and are thus in the public domain. (
Plaintiffs base their entitlement to rely on this "public information" in drafting their pleadings on the fact that journalists may legally publish leaked or stolen information, and cite
Plaintiffs also cite
The question of whether a party may use, for any purpose, documents and information wrongfully obtained from an opposing party in prosecuting a civil action has arisen in other contexts, such as in cases where a current or former employee of a corporate defendant has surreptitiously provided documents to counsel for the plaintiff.
Although the underlying facts in the instant case are different, particularly since there is no suggestion of impropriety on Plaintiffs' counsel's part, the outcome would be the same. Plaintiffs would be unfairly advantaged while Avid would have no opportunity to argue against production. The fact that the content of some of Avid's internal documents, including email communications between Avid and its counsel, has been to some extent placed on the internet and reported in news articles does not change the nature of the documents. They remain stolen documents. Regardless of whether some of the documents at issue may be ultimately discoverable, Avid has, and has always had, the right to keep its own documents until met with proper discovery requests or ordered to disclose them by the Court.
Plaintiffs further argue that if the Court were to enter an order precluding them from using the stolen documents, then Avid would gain an unfair tactical advantage by being allowed to hide evidence of its misconduct. (Doc. No. 130 at 11 n. 6) However distasteful it may be that some of the email communications between Avid and its counsel may show wrongful or inappropriate conduct, the Court cannot and will not allow Plaintiffs to take advantage of the work of hackers to access documents outside the context of formal discovery. To do so would taint these proceedings and, if left unremedied, potentially undermine the integrity of the judicial process.
The internet has revolutionized the way business is conducted. As internet technology has advanced, so too has the incidence of computer-related crime such as hacking and ransomware. As noted by Amici Does, the law has struggled to keep up with the threat posed by cybercrime. This is an evolving area of the law. Congress has enacted legislation such as the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, the Stored Communications Act, 18 U.S.C. § 2701, the Identity Theft and Assumption Deterrence Act, 18 U.S.C. § 1028, as well as through updates to wiretapping laws. (Doc. No. 136 at 8) Other relevant federal statutes include the Electronic Communications Privacy Act (ECPA), 18 U.S.C. § 2510, and certain provisions of the USA PATRIOT Act of 2001, Public Law 107-56. Although these laws may not directly apply to the facts of this case, they illustrate the unique challenges of addressing crimes that are technology driven, and highlight the need to protect the integrity of the internet and make it a safer place for business, research and casual use. Allowing Plaintiffs to use the documents stolen from Avid would serve to encourage the conduct of hackers and cause businesses and individuals victimized by hackers to be more likely to give in to extortionists. Historically, courts have excluded evidence illegally obtained as a deterrent to the conduct, as with the exclusionary rule. While the deterrent effect in this case is indirect, it is still essential to maintain the integrity of the judicial process.
Plaintiffs' stated intent to use the documents and information illegally obtained from Avid in the computer hack in drafting the consolidated complaint poses a threat to the integrity of this proceeding. Federal courts have the authority to remedy situations that threaten judicial integrity and the adversary process. Therefore, the Court will grant Avid's motion in part and enter an order precluding Plaintiffs and their counsel from using the documents, reports quoting the documents, and information stolen from Avid in the drafting of their consolidated class action complaint.
Accordingly,