This post is excerpted from the upcoming e-treatise “Wassom on Social Media Law.”
We've heard a lot in the news lately about forced disclosure of Facebook passwords. Almost all of the discussion has focused on new laws that states across the country have passed to prevent employers and schools from forcing employees and students to disclose their "private" social media information. This has led many people to assume that such information is now legally considered "private," even for people involved in litigation.
It isn't. To the contrary, courts treat social media content as potentially discoverable evidence regardless of the user's privacy settings. Several courts have expressly followed the conclusion of Magistrate Judge R. Steven Whalen of the Eastern District of Michigan in the 2012 decision Tompkins v. Detroit Metropolitan Airport "that material posted on a 'private' Facebook page, that is accessible to a selected group of recipients but not available for viewing by the general public, is generally not privileged, nor is it protected by common law or civil law notions of privacy."
This article focuses on one method by which litigants may discover their opponents' social media information--by forcing their opponent to disclose their username and password.
The case law on forced disclosure of Facebook login and password information is surprisingly nuanced. Some decisions, such as Zimmerman v. Weis Markets, Inc., (Penn. Comm. Pleas 2011) have compelled a party to disclose their password without considering other methods of production. Other judges did expressly consider the alternatives and decide that this was the best approach. For example, in Largent v. Reed (Penn. Comm. Pleas 2009) found disclosing a party's password to be "one of the least burdensome ways to conduct discovery," because the account holder "can still access her account while [her opponent] is investigating."
Other courts have examined the issue and reached the opposite conclusion. In Howell v. Buckeye Rach, Inc., (S.D. Ohio 2012), Magistrate Judge Mark Abel found a request to compel disclosure of an opponent's password to be "overbroad." The plaintiff's "username and password would gain defendants access to all the information in the private sections of her social media accounts--relevant and irrelevant alike. The fact that the information defendants seek is in an electronic file as opposed to a file cabinet does not give them the right to rummage through the entire file." And in Chauvin v. State Farm Mut. Auto. Ins. Co. (E.D. Mich. 2011), Magistrate Judge Mona Mazjoub found the defendant insurance company's request for the insured's Facebook password "so far outside the realm of discoverable information ... that the Court must conclude that the interrogatory was designed to intimidate and harass," justifying an award of sanctions. "[A]ny possible relevant information which could be gleaned through Facebook information is available to Defendant through less intrusive, less annoying and less speculative means than this," she said.
At the same time, there have been plaintiffs who have offered to share their Facebook passwords and were refused. In German v. Micro Electronics, Inc. (S.D. Ohio 2013), plaintiff admitted to blogging and posting in social media about her health condition, and defendant wanted to discover that information. Plaintiff offered to share her passwords so that defendant could browse through her accounts, but defendant was "reluctant to utilize her log-in and password credentials to access information due to the risk of altering or otherwise affecting the websites or the content of the websites." Ultimately, the court rejected plaintiff's offer not for this "valid" reason, but "because it impermissibly shifts the burden onto [defendant] to sift through her 'prolific collection of writings' for responsive [information.]" It should instead have been plaintiff's responsibility to identify responsive posts.
Similarly, Mr. Pellegrin, the injured party in Matter of the Complaint of White Tail Oilfield Services, LLC, (E.D. La. 2012) had revealed his Facebook username and password to the defendant, who had used them to browse his account. But that wasn't enough. Defendant argued that "simply printing screens from Pellegrin's Facebook page would not capture deleted data"--only Facebook's "download your information" feature would do that. And while Defendant could make the request for that download (using Pellegrin's password), the information would be emailed directly to Pellegrin. Therefore, the court ordered Pellegrin to turn over that email once he received it.
My forthcoming e-treatise Wassom on Social Media Law will explore additional means of producing social media information in discovery.