LITIGATION SUPPORT TIP OF THE NIGHT

This Friday, Judge William Alsup issued a decision, Bass v. Facebook, Inc., No. C 18-05982 WHA (JSC), 2019 U.S. Dist. LEXIS 104488 (N.D. Cal. June 21, 2019) which granted in part and denied in part Facebook's motion to dismiss. The plaintiff's suit arose from a data breach in September 2018 which was caused by problems with access tokens. Access tokens are automatic passwords which allow accounts to be accessed without entering a user name and password on each login. The compromise of a Facebook access token may allow a malicious actor to access to data used in other applications. Facebook, contrary to standard industry practice, does not set access tokens to automatically expire.

Judge Alsup rejected Facebook's contention that there was no injury in fact because the compromised information (names, email addresses, phone numbers, photos, etc.) were publicly available. The decision points out that an injury is caused because the breach facilitates identity theft. "The information taken, however, need not be sensitive to weaponize hackers in their quest to commit further fraud or identity theft. . . That each strand of information can be painstakingly collected through a mishmash of other sources is irrelevant. Facebook is a centralized location which stores personal information for billions of users. Constructing this information from random sources bit by bit, would be hard." Id. at *19-21.

The court also found that the loss time caused by the data breach constituted a form of injury, even where a plaintiff could only show that he had spent an hour or so sorting through suspicious emails. "As consequences of this data breach continue to unfold, so too, will plaintiff's invested time. More phishing emails will pile up. At this stage, the time loss alleged suffices." Id. at *22. However a claim by one plaintiff that alleged he was a victim of the data breach merely because he was automatically logged out of Facebook, received suspicious phone calls, and got fake friend requests and spam, was dismissed.

Last week, Judge Arthur I. Harris issued a decision, In re LaGroux, No. 17-40198, 2019 Bankr. LEXIS 1814 (Bankr. N.D. Ohio June 11 , 2019) denying discovery sanctions under Fed. R. Civ. P. 37 for failure to preserve text messages.  He ruled that a bankruptcy filing is not a basis for litigation to be anticipated for the putposes of Rule 37.  “The Court believes that the duty to preserve did not arise until after attempts to resolve the valuation of LaGroux's interest proved unsuccessful.”. Id. at *7. 

Last week, the Texas Court of Appeals issued a decision, Rodriguez v. State, No. 14-17-00613-CR, 2019 Tex. App. LEXIS 4734 (Tex. App.  June 11, 2019) in a capital murder case, which upheld a lower court’s admission of photos taken from the defendant’s cell phone.  The photos showed the defendant with items found at the crime scene, including firearms and a bandana the defendant wore as a mask in one photo. 

The photos were not held to be cumulative evidence since the defense cast doubt on witness identifications of Rodriguez as the shooter.  The court rejected the appellant’s contention that the photos would tempt the jury to find him guilty on grounds other than evidence that offense occurred.  

“While the photographs including guns may have been inflammatory, the prejudice resulting from the admission of those photographs did not substantially outweigh their probative value.”. Id. at *17.