Imagine if, a decade ago, congressional lawmakers had asked Americans to carry electronic monitors that track where we go and whom we talk to, and record our most intimate transactions. Those politicians would have been tossed out of Washington on their cans.
Today, we buy and use such devices voluntarily. When we travel, we carry around data detailing every aspect of our private lives - on smartphones, tablet computers, and laptops. But these advances in computer technology, compounded by changing social habits, may also challenge traditional notions of privacy, including a host of Fourth Amendment protections.
In the past year, the Ninth U.S. Circuit Court of Appeals grappled with such issues in a series of rulings at variance with those in other federal circuits. Whether or not these opinions - and the circuit conflicts they created - ever reach the U.S. Supreme Court for resolution, they continue the circuit's tradition of taking the long view on matters affecting individual workers, travelers, and Internet users.
In March, an en banc panel considered just how far to extend search-and-seizure protections when the government tries to examine a citizen's electronic devices at the U.S. border. Howard Cotterman had been accused of possessing digital images of child pornography found on his laptop when he and his wife drove across the border into Arizona following a vacation in Mexico.
A Border Patrol agent learned from the Treasury Enforcement Communication System that Cotterman was a convicted child molester who might be involved in sex tourism. He and his wife carried two laptops, three digital cameras, and several password-protected files.
Agents questioned the couple and released them, but they kept Cotterman's laptop and sent it to a forensics lab. Using powerful software capable of unlocking password-protected files, restoring deleted material, and retrieving images viewed on websites, the lab found 378 images of child pornography; in many of them, Cotterman appeared to be sexually molesting a child.
Cotterman was indicted for a host of offenses, but he moved to suppress the evidence from his laptop. The trial judge granted the request, concluding that although the password-protected files were suspicious, they were insufficient to create a "reasonable suspicion of criminal activity."
The government appealed, arguing that reasonable suspicion was not required for a border search, and that examining Cotterman's computer was simply an extension of that search. In an 8-3 decision, however, the Ninth Circuit held that the trail of electronic bread crumbs left in mobile devices should not be tracked to that extent. (
U.S. v. Cotterman, 709 F.3d 952 (9th Cir. 2013).)
"This watershed case implicates both the scope of the narrow border search exception to the Fourth Amendment's warrant requirement, and privacy rights in commonly used electronic devices," wrote Circuit Judge M. Margaret McKeown. "But while technology may have changed the expectation of privacy to some degree, it has not eviscerated it, and certainly not with respect to the gigabytes of data regularly maintained as private and confidential on digital devices." (
Cot- terman, 709 F.3d at 956-957.) She con- cluded, "A person's digital life ought not be hijacked simply by crossing a border."
Though McKeown's opinion may have expanded Fourth Amendment search protections, it did not save Cotterman. In a detailed analysis, the judge found that myriad factors supported reasonable suspicion of criminal activity, and ruled that evidence recovered from the laptop should not be suppressed.
The
Cotterman decision broke with recent opinions in the Third and Fourth circuits. The Third Circuit has held that a camcorder may be inspected under broad authority of U.S. Customs officers for "routine searches and seizures for which the Fourth Amendment does not require a warrant, consent, or reasonable suspicion." (
U.S. v. Linarez-Delgado, 259 F.App'x. 506, 508 (3rd Cir. 2007).) And according to the Fourth Circuit, Congress and the Supreme Court have made clear that extensive searches at the border are permitted, even if the same search elsewhere would not be. "[S]ince the birth of our country," the appellate court stated, "customs officials have wielded broad authority to search the belongings of would-be entrants without obtaining a warrant and without establishing probable cause." (
U.S. v. Ickes, 393 F.3d 501, 505 (4th Cir. 2005).)
In another case last year the Ninth Circuit focused on whether employees who search the proprietary computer files of a company may be engaging in criminal conduct. Writing for a 9-2 majority, Chief Judge Alex Kozinski found that when a former Korn/Ferry International executive persuaded employees of the firm to cull files for his own use, he hadn't engaged in criminal hacking under the Computer Fraud and Abuse Act (CFAA) (18 U.S.C. § 1030). (
U.S. v. Nosal, 676 F.3d 854 (9th Cir. 2012).)
David Nosal, miffed that he was passed over for promotion in 2004, left Korn/Ferry to start his own executive search firm, using leads taken from his former employer. Prosecutors charged Nosal with 20 counts of trade secret theft, mail fraud, and violations of CFAA for aiding others in exceeding their authorized access to company computers with intent to defraud. The government argued that CFAA applies not only to hackers outside a company but also to insiders whose access to proprietary files is restricted.
"The government's interpretation would transform the CFAA from an anti-hacking statute into an expansive misappropriation statute," Kozinski wrote. He worried that employees might be found criminally liable for simply using an office network to play games, shop online, or watch sports highlights. "Minds have wandered since the beginning of time," observed Kozinski, "and the computer gives employees new ways to procrastinate."
Kozinski's ruling - that the CFAA "is limited to violations of restrictions on
access to information, not of restrictions on its
use" - put the Ninth Circuit at odds with rulings by the Fifth and Eleventh circuits. In the Fifth Circuit, an employee would exceed authorized access "if he or she used that access to obtain or steal information as part of a criminal scheme." (
U.S. v. John, 597 F.3d 263, 271 (5th Cir. 2010).) And in the Eleventh Circuit, a federal bureaucrat was found to have exceeded his authorized access when he put Social Security data to personal, rather than official, use, even though no intent to defraud was established. (
U.S. v. Rodriguez, 628 F.3d 1258 (11th Cir. 2010).)
Despite the Ninth Circuit's narrowed interpretation of CFAA, Nosal did not fare well. On retrial last April, a jury convicted him of conspiracy, theft of trade secrets, and three counts of computer fraud for engaging in unauthorized access of a company's computer system.
Having broken with other federal circuits on border searches and unauthorized computer access, the Ninth Circuit didn't hesitate to challenge contrary appellate opinions involving class action certification - including those issued by the U.S. Supreme Court.
The Roberts Court ruled last term that to certify a class under Federal Rule of Civil Procedure 23(b)(3), plaintiffs attorneys must show that damages can be measured on a classwide basis. (
Comcast Corp. v. Behrend, 133 S.Ct. 1426 (2013).) The decision appeared to foreclose certification of putative classes requiring individual damage calculations - potentially crippling wage-and-hour class actions.
In May a Ninth Circuit panel took a swing at
Comcast, permitting class certification in a dispute between employees and management at a medical products company. (
Leyva v. Medline Industries, Inc., 716 F.3d 510 (9th Cir. 2013).)
Jesus Leyva, seeking to represent more than 500 hourly employees, claimed Medline Industries violated California labor and business codes by rounding starting times in 29-minute increments. A worker who clocked in at 7:31 a.m., for instance, would be paid only from 8 a.m. onward even though he had already spent nearly half an hour inspecting and preparing machinery. Plaintiffs alleged the result was unpaid work. The trial court denied class certification on the grounds that damage calculations would need to be made individually.
But a three-judge panel of the Ninth Circuit reversed and remanded, ordering the district court to certify the class. The panel ruled that the trial court abused its discretion in concluding that individual questions predominate over common questions, and in deciding that class certification was not superior to other means of resolving the dispute.
Writing the opinion, Circuit Judge Harry Pregerson found that because of the small class size and limited amount of individual damages, class certification may be the only feasible means for them to adjudicate their claims. "Here, unlike in
Comcast," he wrote. "if putative class members prove Medline's liability, damages will be calculated based on the wages each employee lost due to Medline's unlawful practices."
Of this year's Ninth Circuit rulings,
Leyva may have the most significant impact. "A lot of people thought that
Comcast had put a chill on class certification," says Christopher J. Cox, head of commercial litigation at the Silicon Valley office of Weil, Gotshal & Manges. "I think the Ninth Circuit threw a curve ball - this is going to go beyond the wage-and-hour scenario."
Arguing calls with the Supreme Court could become routine. At oral argument a year ago, an en banc Ninth Circuit panel appeared unsympathetic to a California law that permits collection of DNA samples from all arrestees. (See
Haskell v. Harris, pending as No. 10-15152 (prior opinion, 669 F.3d 1049 (9th Cir. 2012).) But the U.S. Supreme Court expressly permitted such collections in a ruling last June. (
Maryland v. King, 133 S.Ct. 1958 (2013).) So in August, the Ninth voted to rehear
Haskell en banc in December. (2013 WL 4082133 (9th Cir.).)
The U.S. Supreme Court may indeed have the final word, but that won't stop the Ninth Circuit from adding drama in the late innings.
Pamela A. MacLean is contributing writer at California Lawyer.
Kari Santos
Daily Journal Staff Writer
