Plaintiff is a Rhode Island police officer whose wife installed a keylogger to track his computer usage about his potential infidelity. She turned it over to his department. He was suspended for two years with pay for the duration. Her actions violated the federal and state wiretapping law and the Stored Communications Act. It was not, however, inadmissible in his employment hearing. Williams v. Stoddard, 2015 R.I. Super. LEXIS 58 (February 11, 2015):
Thus, this Court finds the reasoning espoused in the dissenting opinion in Konop to be persuasive and holds that keylogger programs that capture typed information, which is intended to be and is transmitted over the internet immediately after it is typed, do constitute an interception of electronic communications in violation of the FWA. 302 F.3d at 891 (Reinhardt, J. dissenting). In such an instance, it is the typed information, such as an email password, sent from a website user to the website that constitutes the intercepted electronic communication. See 18 U.S.C. § 2510(12) (defining “electronic communication” as “any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce”). This interpretation is consistent with the plain language of the statute, which defines “interception]” as merely the “acquisition of the contents of any … electronic … communication through the use of any electronic, mechanical, or other device.” 18 U.S.C. § 2510(4). Accordingly, when Stoddard used the keylogger program to record the passwords to Williams’ private online accounts and his emails, she intercepted his electronic communications in violation of the FWA, 18 U.S.C. § 251 l(l)(a).
, , ,
At trial, Stoddard unequivocally admitted to engaging in activities that clearly violate the SCA. Specifically, she testified that she used the keylogger program to obtain Williams’ email and other private website passwords and then used those passwords to access Williams’ password-protected accounts without his authorization. Moreover, Stoddard admitted that the primary reason that she installed the keylogger software was to learn Williams’ log-in credentials and use them to access his accounts without his knowledge or consent. Consequently, Stoddard “intentionally accesse[d] without authorization a facility through which an electronic communication service is provided … and thereby obtain[ed] … authorized access to a[n] … electronic communication while it [was] in electronic storage.” 18 U.S.C. § 2701(a); see also Miller v. Meyers, 766 F. Supp. 2d 919, 923 (W.D. Ark. 2011) (finding civil liability under the SCA under substantially similar circumstances); see also Cardinal Health 414, Inc. v. Adams, 582 F. Supp. 2d 967, 976 (M.D. Tenn. 2008) (holding that “where the facts indisputably present a case of an individual logging onto another’s e-mail account without permission and reviewing the material therein, a summary judgment finding of [a SCA] violation is appropriate”). Stoddard thereby violated the SCA.
Moreover, Stoddard violated the FWA’s prohibition on interception of electronic communications by capturing screenshots of Williams’ instant message conversations. These screenshots recorded Williams’ online instant message conversations with his Facebook friends in real time, while the conversations were occurring. Thus, the screenshots would qualify as prohibited interceptions even under an interpretation of the FWA that requires interceptions of electronic communications to be contemporaneous with transmission. Cf. Shefts v. Petrakis, No. 10-CV-1104, 2012 WL 4049484, at *9 (C.D. III. Sept. 13, 2012) (finding that software that caused images of the plaintiff’s email communications to be captured as they were being written and sent or received “contemporaneously captured Plaintiffs electronic communications within the meaning of the [FWA]”); see also Potter, 2007 WL 539534, at *6 (holding that “incoming emails subjected to the screen shot software” satisfy the FWA’s definition of an interception of an electronic communication).
Furthermore, Stoddard violated the FWA’s prohibition on using unlawfully intercepted electronic communications when she used Williams’ log-in credentials to access his emails and other online communications. See 18 U.S.C. § 2511(l)(d). Finally, she violated the FWA’s disclosure provision by disseminating copies of Williams’ electronic communications to Calise. See 18 U.S.C. § 2511 (l)(c); see also Noel v. Hall, 568 F.3d 743, 751 (9th Cir. 2009) (holding that 18 U.S.C. § 2511 (l)(c) “protects against the dissemination of private communications that have been unlawfully intercepted”).
. . .
Courts have widely recognized that individuals have an objectively reasonable expectation of privacy in their password-protected electronic communications and other online activity. See, e.g. United States v. Hamilton, 701 F.3d 404, 408 (4th Cir. 2012) (noting that “people have a reasonable expectation of privacy in their emails because emails today, in common experience, are confidential”) (internal quotations omitted); United States v. Lucas, 640 F.3d 168, 178 (6th Cir. 2011) (recognizing that “individuals have a reasonable expectation of privacy in the content of emails stored, sent, or received through a commercial internet service provider”); R.S. ex rel. S.S. v. Minnewaska Area Sch. Dist. No. 2149, 894 F. Supp. 2d 1128, 1142 (D. Minn. 2012) (holding that the plaintiff had “a reasonable expectation of privacy to her private Facebook information and messages,” which were password-protected and in her exclusive possession). Indeed, the primary purpose of requiring passwords to access certain websites, such as email accounts, [*45] is to maintain the privacy of the accountholder and to prevent other people from accessing and manipulating the data and communications available on those websites. Similarly, individuals have an objectively reasonable expectation of privacy in internet-based sexual activity, including web-based electronic communications of a sexual nature as well as visits to pornographic webpages. See Lawrence v. Texas, 539 U.S. 558, 567 (2003) (noting that “sexual behavior” is “the most private human conduct”). As such, Williams’ expectation of privacy from Stoddard in his website passwords, password-protected electronic communications, and internet-based sexual activity was objectively reasonable.
Moreover, the evidence before the Court demonstrates that Williams “actually expected” his online activity “to remain private” from Stoddard. Pontbriand, 699 A.2d at 865. In particular, Williams and Stoddard’s trial testimony revealed that Williams used password-protected websites to communicate over the internet, never voluntarily shared his passwords with Stoddard, and engaged in much of the online activity at issue in this case when Stoddard was not present, all in an effort to prevent her from discovering his online activity.
Given Williams’ actual and reasonable expectation of privacy in his electronic communications and online activity, this information constitutes “something that is entitled to be private or would be expected to be private” under § 9-1-28.1(a)(1), as well as “private fact[s]” under § 9-1-28.1(a)(3). See id. at 865 (explaining that a fact is private under § 9-1-28.1(a)(3) if it was “actually expected … to remain private” and if “society would recognize this expectation of privacy as reasonable and be willing to respect it”). By disclosing the details of Williams’ online activity and electronic communications to Calise, Stoddard publicized the information. See id. at 864 (explaining that “[t]he term ‘publication,’ … does not require that the information be disseminated in a newspaper but merely that it be repeated to a third party”). Stoddard therefore gave “unreasonable publicity .. to [Williams’] private life” and violated his “right to be secure from unreasonable intrusion upon [his] physical solitude or seclusion.” Secs. 9-1-28.1 (a)(1), (3).
